summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--po/bg.po849
-rw-r--r--po/de.po849
-rw-r--r--po/es.po849
-rw-r--r--po/eu.po849
-rw-r--r--po/fr.po852
-rw-r--r--po/hu.po849
-rw-r--r--po/id.po849
-rw-r--r--po/it.po849
-rw-r--r--po/ja.po851
-rw-r--r--po/nb.po849
-rw-r--r--po/nl.po853
-rw-r--r--po/pl.po853
-rw-r--r--po/pt.po849
-rw-r--r--po/ru.po849
-rw-r--r--po/sssd.pot849
-rw-r--r--po/sv.po850
-rw-r--r--po/tg.po849
-rw-r--r--po/tr.po849
-rw-r--r--po/uk.po853
-rw-r--r--po/zh_CN.po849
-rw-r--r--po/zh_TW.po849
-rw-r--r--src/man/po/br.po3142
-rw-r--r--src/man/po/ca.po3210
-rw-r--r--src/man/po/cs.po3175
-rw-r--r--src/man/po/de.po3818
-rw-r--r--src/man/po/es.po3674
-rw-r--r--src/man/po/eu.po3124
-rw-r--r--src/man/po/fr.po3797
-rw-r--r--src/man/po/ja.po3607
-rw-r--r--src/man/po/lv.po3142
-rw-r--r--src/man/po/nl.po3146
-rw-r--r--src/man/po/pt.po3211
-rw-r--r--src/man/po/ru.po3140
-rw-r--r--src/man/po/sssd-docs.pot3082
-rw-r--r--src/man/po/tg.po3138
-rw-r--r--src/man/po/uk.po3808
-rw-r--r--src/man/po/zh_CN.po3136
37 files changed, 40339 insertions, 30858 deletions
diff --git a/po/bg.po b/po/bg.po
index c164ac676..923514921 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Bulgarian <trans-bg@lists.fedoraproject.org>\n"
@@ -18,151 +18,151 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Задава ниво на подробност на debug лог записите"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Включва час и дата в debug лога"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Записва debug съобщенията в логфайлове"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Ping изчакване преди рестарт на услугата"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Команда за стартиране на услугата"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Време за опити за връзка с Data Provider-и"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "SSSD услуги за стартиране"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "SSSD домейни за стартиране"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Изчакване за съобщения, изпратени през SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Regex за намиране на потребителско име и домейн"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-съвместим формат за изобразяване на пълно-квалифицирани имена"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Потребители, които SSSD изрично трябва да игнорира"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Групи, които SSSD изрично трябва да игнорира"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Да се показват ли филтрираните потребители в групи"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Стойността на полето парола, което NSS доставчикът трябва да върне"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr "Колко дни да се позволява кеширано влизане между влизания онлайн"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Колко неуспешни опита за влизане са разрешени, когато сме офлайн"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -170,957 +170,986 @@ msgstr ""
"Колко време (в минути) да е забранено влизането, след достигане броя "
"неуспешни опити за влизане, когато сме офлайн"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Доставчик на самоличност"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Доставчик на удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Доставчик на контрол на достъп"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Доставчик на смяна на парола"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Минимално ID на потребител"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Максимално ID на потребител"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Кеширай идентификационни данни за офлайн влизане"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Съхранявай хешове на пароли"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Показвай потребители/групи в пълно -валифицирана форма"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Ограничава или предпочита определена фамилия адреси при DNS търсения"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Колко дни да се пазят кешираните записи след последното успешно влизане"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Колко време да чакам за отговори от DNS при търсене на сървъри (секунди)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "Частта Домейн от DNS заявката за откриване на услуга"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Интерфейсът, чийто IP да се ползва за динамични DNS обновявания"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA домейн"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Адрес на IPA сървър"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Име на хост на IPA клиент"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Дали автоматично да се обновява клиентския DNS запис във FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "LDAP филтър за определяне права на достъп"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Адрес на Kerberos сървър"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberos област"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Директория за съхранение на кеша за данни за удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Местоположение на кеша за данни за удостоверяване на потребители"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Местоположение на keytab за валидиране на данните за удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Разреши проверката на данните за удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr "Записва паролата ако е офлайн за по-късно удостоверяване"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI на LDAP сървъра"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Базовият DN по подразбиране"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Използваният тип схема на LDAP сървъра, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Подразбиращият се bind DN"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Продължителност на опитите за свързване"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Продължителност на опитите за синхронни LDAP операции"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Продължителност на времето между опитите за връзка докато е офлайн"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Файл, съдържащ CA сертификати"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Път до директорията на CA сертификат"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Изисква TLS проверка на сертификат"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Задава за използване механизма sasl"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Задаване на sasl authorization id за употреба"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "keytab на Kerberos услуга"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Ползвай Kerberos auth за LDAP връзка"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Следвай LDAP референциите"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Продължителност на живот на TGT за LDAP връзка"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Продължителност на време за изчакване на заявка за търсене"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Продължителност на време между актуализации на изброяване"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Изисква TLS за ИД справките"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "атрибут Потребителско име"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "атрибут UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "атрибут Първичен GID"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "атрибут GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "атрибут Домашна директория"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "атрибут Команден интерпретатор"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "атрибут UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "атрибут User principal (за Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Пълно име"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "атрибут членНа"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "атрибут Момент на промяна"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Политика за определяне срок на валидност на парола"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "LDAP филтър за определяне права на достъп"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Списък разрешени потребители, разделени със запетая"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Списък забранени потребители, разделени със запетая"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Подразбиращ се команден интерпретатор, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Място за домашните директории"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Продължава като демон (по подразбиране)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Интерактивна работа (а не като демон)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Задаване на друг (не подразбиращия се) конфиг файл"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Ниво на debug"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1148,74 +1177,80 @@ msgstr "Възникнала е грешка, но не може да се на
msgid "Unexpected error while looking for an error description"
msgstr "Неочаквана грешка при търсене на описание на грешка"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Паролите не съвпадат"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "Промяна на паролата от root не се поддържа."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Удостоверен с кеширани идентификационни данни"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", кешираната парола ще изтече на: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "Удостоверяването е забранено до: "
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Системата е офлайн, промяна на паролата не е възможна"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Промяната на паролата не успя."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Съобщение от сървъра:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Нова парола:"
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Отново новата парола:"
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Парола:"
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Текуща парола:"
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Паролата Ви е остаряла. Сменете я сега."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Нивото на debug записи при работа"
@@ -1224,11 +1259,11 @@ msgstr "Нивото на debug записи при работа"
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Грешка при задаване локални настр.\n"
@@ -1296,93 +1331,93 @@ msgstr "Задайте алтернативна skeleton директория"
msgid "The SELinux user for user's login"
msgstr "SELinux потребителят за влизането на потребителя"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Задайте група, към която да го добавя\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Задайте потребител за добавяне\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Грешка при инициализирането на инструментите - няма локален домейн\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Грешка при инициализирането на инструментите - няма локален домейн\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Грешка при инициализирането на инструментите\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "В FQDN е зададен невалиден домейн\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Вътрешна грешка при разбор на параметри\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Групите трябва да са в същия домейн като потребителя\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Не мога да задам стойностите по подразбиране\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "Зададеният UID е извън позволения обхват\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Не мога да задам SELinux контекст за влизане\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Не мога да получа инфо за потребителя\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Домашната директория на потребителя вече съществува, няма да копирам данни "
"от skeldir\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Не можах да запазя ID за потребителя - домейнът ли е пълен?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Потребител или група с такова име или ID вече съществува\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Грешка в транзакцията. Не можах да добавя потребителя.\n"
@@ -1390,50 +1425,50 @@ msgstr "Грешка в транзакцията. Не можах да доба
msgid "The GID of the group"
msgstr "GID на групата"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Задайте група за добавяне\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Зададеният GID е извън позволения обхват\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr "Група %1$s е извън дефинирания ID обхват за домейн\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1445,92 +1480,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1550,52 +1585,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr "Потребител %1$s е извън дефинирания ID обхват за домейн\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1619,102 +1654,102 @@ msgstr ""
msgid "Unlock the account"
msgstr ""
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1730,12 +1765,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1744,6 +1779,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/de.po b/po/de.po
index 751adf0e3..809c28134 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: German <trans-de@lists.fedoraproject.org>\n"
@@ -19,1105 +19,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "SSSD-Dienste zum Starten"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "SSSD-Domains zum Starten"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Identity Provider"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA-Domain"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA-Serveradresse"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA-Client-Rechnername"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos-Serveradresse"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberos Realm"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "GECOS-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Vollständiger Name"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1145,74 +1174,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1221,11 +1256,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1293,91 +1328,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr ""
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1385,50 +1420,50 @@ msgstr ""
msgid "The GID of the group"
msgstr ""
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1440,92 +1475,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1545,52 +1580,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1614,102 +1649,102 @@ msgstr "Das Konto sperren"
msgid "Unlock the account"
msgstr "Das Konto entsperren"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1725,12 +1760,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1739,6 +1774,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/es.po b/po/es.po
index f73a1ec87..f9c26812e 100644
--- a/po/es.po
+++ b/po/es.po
@@ -13,7 +13,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Spanish <trans-es@lists.fedoraproject.org>\n"
@@ -23,73 +23,73 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Establece el nivel de detalle del registro de depuración"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Incluir la marca de tiempo en los registros de depuración"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
"Incluir microsegundos en la marca de tiempo en los registros de depuración"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Escribir los mensajes de depuración a archivos log"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Tiempo máximo de ping antes de reiniciar el servicio"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Comando para iniciar el servicio"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
"Número de veces que debe intentar la conexión con los Proveedores de Datos"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Servicios SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Dominios SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Tiempo máximo para los mensajes enviados a través de SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
"Expresión regular para analizar sintácticamente el nombre de usuario y "
"dominio"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
"Formato compatible con printf para mostrar nombres completamente calificados"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -97,66 +97,66 @@ msgstr ""
"Directorio en el sistema de archivos donde SSSD debería guardar fichero de "
"reproducción de cache de Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Tiempo máximo (segundos) del caché de enumeración"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Tiempo máximo negativo del cache (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Usuarios que deben ser explícitamente ignorados por SSSD"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupos que deben ser explícitamente ignorados por SSSD"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Deben aparecer los usuarios filtrados en los grupos"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "El valor del campo contraseña que el proveedor NSS debe devolver"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Sustituye valores del directorio personal del proveedor de la identidad con "
"este valor"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr "Lista de los usuarios de consola habilitados para registrarse"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Lista de consolas que serán vetadas, y reemplazadas por la consola de reserva"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -164,25 +164,25 @@ msgstr ""
"Si una consola almacenada en el directorio central es permitida pero no se "
"encuentra disponible, utilice esta de reserva"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Por cuánto tiempo permitir ingresos cacheados entre ingresos en línea (días)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Cuantos intentos de ingreso fallidos se permiten cuando está desconectado"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -190,455 +190,480 @@ msgstr ""
"Cuántos minutos se denegará el ingreso después de que se alcance el máximo "
"de ingresos fallidos offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Que clase de mensajes se muestran al usuario durante la autenticación"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Cuanto segundos se mantendrá la información de identidad almacenada para "
"solicitudes de PAM"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr "Cuanto días se debe mostrar un aviso de expiración de contraseña"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Ya sea para evaluar los atributos basados en el tiempo en reglas sudo"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Proveedor de identidad"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Proveedor de Autenticación"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Proveedor de control de acceso"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Proveedor de cambio de contraseña"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "Proveedor de SUDO"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Proveedor de Autofs"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "Suministrador de carga de sesión"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "Suministrador de identidad de host"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "ID mínimo de usuario"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "ID máximo de usuario"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Habilitar la enumeración de todos los usuarios/grupos"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Hacer caché de las credenciales para ingresos fuera de línea"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Guardar los hashes de la contraseña"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Mostrar los usuarios/grupos en un formato completamente calificado"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Tiempo máximo de una entrada del caché (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringir o preferir una familia de direcciones específica, cuando se "
"realicen búsquedas DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr "Por cuánto tiempo permitir ingresos cacheados luego del último (días)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se "
"estén resolviendo servidores"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "La sección del dominio de la consulta para descubrir servicios DNS"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr "Sustituye valor GID del proveedor de la identidad con este valor"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "Trate al nombre de usuario con mayúsculas y minúsculas"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"La interfaz cuya IP debería ser utilizada para actualizaciones DNS "
"automáticas"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Dirección del servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Nombre de equipo del cliente IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "Búsqueda base para objetos HBAC"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
"Si se encuentran presentes reglas de negación (DENY) o bien se niega todo "
"(DENY_ALL) o se ignora (IGNORE)"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Si se lo define en 'false', será ignorado el argumento de equipo ofrecido "
"por PAM"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr "La ubicación de montaje automático que este cliente de IPA está usando"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "Filtro LDAP para determinar privilegios de acceso"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Dirección del servidor Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Reinado Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Expiración de la autenticación"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Directorio donde almacenar las credenciales cacheadas"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Ubicación del caché de credenciales del usuario"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Ubicación de la tabla de claves para validar las credenciales"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Habilitar la validación de credenciales"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
"Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
"una autenticación en línea"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "ciclo de vida renovable del TGT"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "ciclo de vida del TGT"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "tiempo entre dos comprobaciones para renovación "
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Habilita FAST"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "Selecciona el principal para su uso por FAST"
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "Habilita canonicalización principal"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"El servidor en donde está ejecutándose el servicio de modificación de "
"contraseña, en caso de no ser KDC. "
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, El URI del servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "DN base predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "El DN Bind predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "El tipo del token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "El token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Tiempo durante el que se intentará la conexión"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "Use solo el caso superior para nombres reales"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Ruta hacia un directorio certificado CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "Fichero que contiene el certificado de cliente"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "Fichero que contiene la llave de cliente"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Lista de posibles suites de cifrado"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Requiere la verificación de certificado TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Especificar el mecanismo sasl a usar"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Especifique el id de autorización sasl a usar"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "Especifica el reinado de autorización sasl a ser utilizado"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Tabla de clave del servicio Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usar auth Kerberos para la conexión LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Seguir referencias LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Período de vida del TGT para la conexión LDAP"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Como eliminar aliases"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "Nombre de servicio para busquedas de servicios DNS"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"La cantidad de miembros que deben faltar para desencadenar una deref completa"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -646,528 +671,532 @@ msgstr ""
"Si la Biblioteca LDAP debería realizar una búsqueda inversa para "
"canonicalizar el nombre del host durante un enlace SASL"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "atributo entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "atributo lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"El período de tiempo máximo para retener una conexión con el servidor LDAP "
"antes de desconectar"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "Deshabilita el control de paginación LDAP"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "periodo de espera para solicitud de enumeración"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "periodo de tiempo entre borrados de la caché"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Requiere TLS para búsquedas de ID"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Ambito de las búsquedas del usuario"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Atributo GID primario"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Atributo Directorio de inicio"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal del usuario (para Kerberos) "
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Nombre completo"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "atributo shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "atributo shadowMin "
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "atributo shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "atributo shadowWarning "
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "atributo shadowInactive "
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "atributo shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "atributo shadowFlag "
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "listado de atributos de servicios PAM autorizados"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "Atributo de listado de equipos de servidor autorizados"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "atributo krbLastPwdChange "
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "atributo krbPasswordExpiration "
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"atributo indicando que las políticas de contraseña del lado del servidor "
"están activas"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "atributo accountExpires de AD"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "atributo userAccountControl de AD"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "atributo nsAccountLock "
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled atributo de NDS"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime atributo de NDS"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap atributo de NDS"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "Atributo de clave pública SSH"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "DN base para busqueda de grupos"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "clase objeto para"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Nombre del grupo"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Contraseña del grupo"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "Atributo GID"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "Atributo de miembro del grupo"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Atributo de UUID del grupo"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "Atributo de modificación de tiempo para los grupos"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "A continuación, nivel SSSD de anidado máximo"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "DN base para búsquedas de grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "Clases de objetos para grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "Nombre de grupo de red"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "Atributo de miembros de grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "Atributo triple de grupo de red"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "Atributo UUID de miembro de red"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "Atributo de modificación de tiempo para grupos de red"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "Base DN para servicio de búsquedas"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "Clase de objeto para servicio"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "Atributo de nombre de servicio"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "Atributo de puerto de servicio"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "Atributo de protocolo de servidor"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Política para evaluar el vencimiento de la contraseña"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "Filtro LDAP para determinar privilegios de acceso"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Los atributos que deberán ser utilizados para evaluar si una cuenta ha "
"expirado"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
"URI de un servidor LDAP donde se permite la modificación de contraseñas"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
"Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "Base DN para búsquedas de reglas sudo"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "Objeto clase para reglas sudo"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "Nombre de regla sudo"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "Atributo de regla de comando sudo"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "Atributo de la regla host de sudo"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "Atributo de la regla usuario de sudo"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "Atributo de la regla opción de sudo"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr "Atributo de la regla suda runasuser"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "Atributo de regla runasgroup de sudo"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "Atributo de regla notbefore de sudo"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "Atributo de regla noafter de sudo"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "Atributo de regla orden de sudo"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "Objeto clase para mapas automontador"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "Atributo de nombre de mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "Objeto clase para entradas de mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "Atributo de clave de entrada para mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "Atributo de valor de entrada para mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "Base DN para búsquedas de mapa de automontador"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Lista separada por comas de usuarios autorizados"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Lista separada por comas de usuarios prohibidos"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Shell predeterminado, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Base de los directorios de inicio"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Nombre de la biblioteca NSS a usar"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Pila PAM a usar"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Convertirse en demonio (predeterminado)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Ejecutarse en forma interactiva (no un demonio)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Indicar un archivo de configuración diferente al predeterminado"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Muestra el número de versión y finaliza"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Nive de depuración"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Agregar marcas de tiempo de depuración"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Mostrar marcas de tiempo con microsegundos"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Un arhivo abierto de descriptor para los registros de depuración"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del proveedor de información (obligatorio)"
@@ -1196,74 +1225,80 @@ msgid "Unexpected error while looking for an error description"
msgstr ""
"Ha ocurrido un error no esperado mientras se buscaba la descripción del error"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Las contraseñas no coinciden"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "No existe soporte para reseteado de la contraseña por el usuario root."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Autenticado mediante credenciales cacheada"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", su contraseña cacheada vencerá el:"
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "La autenticación ha sido denegada hasta:"
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Falló el cambio de contraseña."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Mensaje del servidor:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nueva contraseña: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Reingrese la contraseña nueva:"
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Contraseña: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Contraseña actual: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "La contraseña ha expirado. Modifíquela en este preciso momento."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Nivel de depuración en que se debe ejecutar"
@@ -1272,11 +1307,11 @@ msgstr "Nivel de depuración en que se debe ejecutar"
msgid "The SSSD domain to use"
msgstr "El dominio SSSD a usar"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Error al poner la región\n"
@@ -1345,93 +1380,93 @@ msgstr "Debe especificar un directorio esqueleto alternativo"
msgid "The SELinux user for user's login"
msgstr "El usuario de SELinux para el registro del usuario"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Especifica el grupo a ser añadido\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Especifique el usuario a agregar\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Error al inicializar las herramientas - no hay dominio local\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Error al inicializar las herramientas - no hay dominio local\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Error al inicializar las herramientas\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Dominio inválido especificado en FQDN\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Error interno al analizar sintácticamente los parámetros.\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Los grupos deben estar en el mismo dominio que el usuario\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "No se pudieron establecer los valores predeterminados\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "El UID seleccionado está fuera del rango permitido\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "No es posible definir contexto de registro de SELinux\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "No se pudo obtener información del usuario\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"El directorio de inicio del usuario ya existe, no copiar datos desde el "
"esqueleto\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "No se pudo asignar el ID para el usuario - ¿el dominio estará lleno?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Ya existe un usuario o grupo con el mismo nombre o ID\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Error en la transacción. No se pudo agregar el usuario.\n"
@@ -1439,44 +1474,44 @@ msgstr "Error en la transacción. No se pudo agregar el usuario.\n"
msgid "The GID of the group"
msgstr "El GID del grupo"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Especifique el grupo a agregar\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "El GID elegido está fuera del rango permitido\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "No se pudo asignar el ID para el grupo - ¿el dominio estará lleno?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Ya existe un grupo con el mismo nombre o GID\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Error en la transacción. No se pudo agregar el grupo.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Especifique el grupo a borrar\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1484,7 +1519,7 @@ msgstr ""
"No existe tal grupo en el dominio local. Eliminando los grupos que sólo se "
"permiten en el dominio local.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Error interno. No se pudo eliminar el grupo.\n"
@@ -1496,15 +1531,15 @@ msgstr "Grupos a los que se debe agregar este grupo"
msgid "Groups to remove this group from"
msgstr "Grupos desde los que se debe eliminar este grupo"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "Especifica el grupo a ser eliminado de\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Especifique el grupo a modificar\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1512,76 +1547,76 @@ msgstr ""
"No se pudo encontrar el grupo en el dominio local, la modificación de grupos "
"se permite sólo en el dominio local\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"Los grupos miembro deben estar en el mismo dominio que el grupo padre\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"No se pudo modificar el grupo - verifique si los nombre de grupo miembro son "
"los correctos\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"No se pudo modificar el grupo - verifique si el nombre de grupo es correcto\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Error de transacción. No se pudo modificar el grupo.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Magia privada"
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Imprime miembros de grupo indirecto en forma recursiva"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Especifica el grupo a mostrar\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1589,7 +1624,7 @@ msgstr ""
"No existe tal grupo en el dominio local. Imprimir los grupos está permitido "
"únicamente en el dominio local.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Error interno. No se pudo imprimir el grupo.\n"
@@ -1609,55 +1644,55 @@ msgstr "Forzar la eliminación de los archivos que no pertenecen al usuario"
msgid "Kill users' processes before removing him"
msgstr "Finaliza los procesos del usuario antes de eliminarlo"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Especifique el usuario a borrar\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "No es posible reiniciar contexto de registro de SELinux\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
"No es posible determinar si el usuario estaba registrado en esta plataforma"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Error mientras se verificaba si el usuario se encontraba registrado\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "No eliminando el directorio de inicio - no pertenece al usuario\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"No existe ese usuario en el dominio local. La eliminación de usuarios se "
"permite en el dominio local.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Error interno. No se pudo eliminar el usuario.\n"
@@ -1681,11 +1716,11 @@ msgstr "Bloquear la cuenta"
msgid "Unlock the account"
msgstr "Desbloquear la cuenta"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Especifique el usuario a modificar\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1693,95 +1728,95 @@ msgstr ""
"No se pudo encontrar el usuario en el dominio local, la modificación de los "
"usuarios se permite solamente en el dominio local\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"No se pudo modificar el usuario - verifique si los nombres de grupo son "
"correctos\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"No se pudo modificar el usuario - ¿no será ya miembro de esos grupos?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Error de transacción. No se pudo modificar el usuario.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Usuario particular invalidado"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Todos los usuarios invalidados"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1797,12 +1832,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Falta memoria\n"
@@ -1811,6 +1846,6 @@ msgstr "Falta memoria\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Envia el resultado de la depuración hacia archivos en lugar de stderr"
diff --git a/po/eu.po b/po/eu.po
index ea9cf7924..9d87d783b 100644
--- a/po/eu.po
+++ b/po/eu.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Basque (http://www.transifex.com/projects/p/fedora/language/"
@@ -19,1105 +19,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Gutxienezko erabiltzaile IDa"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Gehienezko erabiltzaile IDa"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA domeinua"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA zerbitzariaren helbidea"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA bezeroaren ostalari-izena"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "FAST gaitzen du"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "entryUSN atributua"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "lastUSN atributua"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "UID atributua"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "UUID atributua"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "objectSID atributua"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Izen osoa"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "shadowLastChange atributua"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "shadowMin atributua"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "shadowMax atributua"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "shadowWarning atributua"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "shadowInactive atributua"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "shadowExpire atributua"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "shadowFlag atributua"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange atributua"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration atributua"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "ADren accountExpires atributua"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "ADren userAccountControl atributua"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "nsAccountLock atributua"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Talde-izena"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Taldearen pasahitza"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "GID atributua"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Taldearen UUID atributua"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Shell lehenetsia, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Inprimatu bertsio zenbakia eta irten"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Arazketa maila"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Gehitu arazketako data-zigiluak"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1145,74 +1174,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Huts egin du pasahitza aldatzeak. "
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Pasahitz berria: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Berriz sartu pasahitz berria: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Pasahitza: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Uneko pasahitza: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Pasahitza iraungita. Aldatu zure pasahitza orain."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1221,11 +1256,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1293,91 +1328,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Zehaztu gehitu beharreko erabiltzailea\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Errorea tresnak hasieratzean - domeinu lokalik ez\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Errorea tresnak hasieratzean - domeinu lokalik ez\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Errorea tresnak hasieratzean\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Baliogabeko domeinua zehaztu da FQDN-n\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Barne errorea parametroak analizatzean\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Taldeek erabiltzailearen domeinu berean egon behar dute\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Ezin dira balio lehenetsiak ezarri\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "Hautatutako UIDa baimendutako bitartetik kanpo dago\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1385,50 +1420,50 @@ msgstr ""
msgid "The GID of the group"
msgstr "Taldearen GIDa"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Hautatutako UIDa baimendutako bitartetik kanpo dago\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Zehaztu taldea ezabatzeko\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Barne errorea. Ezin izan da taldea kendu.\n"
@@ -1440,92 +1475,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$sTaldea: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$sGID zenbakia: %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1545,52 +1580,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1614,102 +1649,102 @@ msgstr ""
msgid "Unlock the account"
msgstr "Desblokeatu kontua"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Baliogabetu erabiltzaile bat"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Baliogabetu erabiltzaile guztiak"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "Baliogabetu talde bat"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "Baliogabetu talde guztiak"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "Baliogabetu zerbitzu bat"
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "Baliogabetu zerbitzu guztiak"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1725,12 +1760,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1739,6 +1774,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 67a2e54c7..a571d755f 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-29 13:00+0000\n"
"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
@@ -20,73 +20,73 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Définir le niveau de détails de la sortie de débogage"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Ajouter l'horodatage dans les fichiers de débogage"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
"Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Écrire les messages de débogage dans les journaux"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Délai d'attente de réponse avant de redémarrer le service"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Délai entre une série de trois ping en échec et une mort violente et forcée "
"du service"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Commande pour démarrer le service"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Nombre d'essais pour tenter de se connecter au fournisseur de données"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
"répondeur"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Services SSSD à démarrer"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Domaines SSSD à démarrer"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format compatible printf d'affichage des noms complétement qualifiés"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -94,70 +94,70 @@ msgstr ""
"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
"relecture de Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr "Domaine à ajouter aux noms sans composant de nom de domaine."
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Délai d'attente du cache d'énumération (en secondes)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
"secondes)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Délai d'attente du cache négatif (en secondes)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Utilisateurs que SSSD doit explicitement ignorer"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Groupes que SSSD doit explicitement ignorer"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
"fournisseur d'identité"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Substitution de la valeur homedir vide du fournisseur d'identité avec cette "
"valeur"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr "Écraser le shell donné par le fournisseur d'identité avec cette valeur"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
"Liste des interpréteurs de commandes utilisateurs autorisés pour se connecter"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Liste des interpréteurs de commandes bannis et remplacés par celui par défaut"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -165,25 +165,25 @@ msgstr ""
"Si un interpréteur de commandes stocké dans l'annuaire central est autorisé "
"mais indisponible, utiliser à défaut celui-ci"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr "Shell à utiliser si le fournisseur n'en propose aucun"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr "Durée de maintien en cache des enregistrements valides"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Délai pendant lequel les connexions utilisant le cache sont autorisées entre "
"deux connexions en ligne (en jours)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -191,34 +191,34 @@ msgstr ""
"Durée d'interdiction de connexion après que offline_failed_login_attempts "
"est atteint (en minutes)"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Quels types de messages sont affichés à l'utilisateur pendant "
"l'authentification"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Durée en secondes pendant laquelle les informations d'identité sont gardées "
"en cache pour les requêtes PAM"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
"avertissement doit être affiché"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -226,433 +226,461 @@ msgstr ""
"Le nombre de secondes pour garder un hôte dans le fichier known_hosts après "
"que ses clés d'hôte ont été demandées"
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+#, fuzzy
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+"Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Fournisseur d'identité"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Fournisseur d'authentification"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Fournisseur de contrôle d'accès"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Fournisseur de changement de mot de passe"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "Fournisseur SUDO"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Fournisseur autofs"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "Fournisseur de chargement de session"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "Fournisseur d'identité de l'hôte"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Identifiant utilisateur minimum"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Identifiant utilisateur maximum"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Activer l'énumération de tous les utilisateurs/groupes"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Stocker les sommes de contrôle des mots de passe"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Afficher les utilisateurs/groupes dans un format complétement qualifié"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr "Ne pas inclure les membres des groupes dans les recherches de groupes."
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Durée de validité des entrées en cache (en secondes)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Restreindre ou préférer une famille d'adresses lors des recherches DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Durée de validité des entrées en cache après la dernière connexion réussie "
"(en jours)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Délai d'attente des réponses du DNS lors de la résolution des serveurs (en "
"secondes)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "La partie domaine de la requête de découverte de service DNS"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "Considère les noms d'utilisateur comme casse dépendant"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "Le TTL à appliquer à l'entrée DNS du client après modification"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
"dynamiques du DNS"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"Selon que le fournisseur doit aussi ou non mettre à jour explicitement "
"l'enregistrement PTR"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Quel type d'authentification doit être utilisée pour effectuer la mise à "
"jour DNS"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+#, fuzzy
+msgid "How often should subdomains list be refreshed"
+msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Domaine IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Adresse du serveur IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "Adresse du serveur IPA de secours"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Nom de système du client IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "Base de recherche pour les objets HBAC"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Si les règles DENY sont présentes, utiliser soit DENY_ALL soit IGNORE"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
"L'emplacement de la carte de montage automatique utilisée par le client IPA"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
"Base de recherche pour l'objet contenant les informations de base à propos "
"du domaine IPA"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
"Base de recherche pour les objets contenant les informations à propos des "
"plages d'ID"
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr "Activer les sites DNS - découverte de service basée sur l'emplacement"
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr "Domaine Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr "Adresse du serveur Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr "Adresse du serveur Active Directory de secours"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr "Nom de système du client Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Adresse du serveur Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr "Adresse du serveur Kerberos de secours"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Domaine Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Délai avant expiration de l'authentification"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr "Choisir de créer ou non les fichiers kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Répertoire pour stocker les caches de crédits"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Emplacement du cache de crédits de l'utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Emplacement du fichier keytab de validation des crédits"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Activer la validation des crédits"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
"Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
"en ligne"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "Durée de vie renouvelable du TGT"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "Durée de vie du TGT"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "Durée entre deux vérifications pour le renouvellement"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Active FAST"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "Sélectionne le principal pour être utilisé avec FAST"
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "Active la canonisation du principal"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr "Active les principals d'entreprise"
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serveur où tourne le service de changement de mot de passe s'il n'est pas "
"sur le KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'adresse du serveur LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, l'URI du serveur LDAP"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "La base DN par défaut"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Le DN de connexion par défaut"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Le jeton d'authentification du DN de connexion par défaut"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "N'utiliser que des majuscules pour les noms de domaine"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Fichier contenant les certificats des CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Chemin vers le répertoire de certificats des CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "Fichier contenant le certificat client"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "Fichier contenant la clé du client"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Liste des suites de chiffrement possibles"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Requiert une vérification de certificat TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Spécifier le mécanisme SASL à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Service du fichier keytab de Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Suivre les référents LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Durée de vie du TGT pour la connexion LDAP"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Comment déréférencer les alias"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "Nom du service pour les recherches DNS"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Nombre de membres qui doivent être manquants pour activer un déréférencement "
"complet"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -660,360 +688,364 @@ msgstr ""
"Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
"nom d'hôte pendant une connexion SASL ?"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "attribut entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "attribut lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Combien de temps conserver la connexion au serveur LDAP avant de se "
"déconnecter"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "Désactiver le contrôle des pages LDAP"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr "Désactiver la récupération de plage Active Directory."
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Durée d'attente pour une requête de recherche"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "Durée d'attente pour une requête d'énumération"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Durée entre deux mises à jour d'énumération"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "Durée entre les nettoyages de cache"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "TLS est requis pour les recherches d'identifiants"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
"Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
"établis"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Base DN pour les recherches d'utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Scope des recherches d'utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filtre pour les recherches d'utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Classe d'objet pour les utilisateurs"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Attribut de nom d'utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Attribut UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Attribut de GID primaire"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Attribut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Attribut de répertoire utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Attribut d'interpréteur de commandes"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Attribut UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "attribut objectSID"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Attribut d'utilisateur principal (pour Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Nom complet"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Attribut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Attribut de date de modification"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "Attribut shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "Attribut shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "Attribut shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "Attribut shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "Attribut shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "Attribut shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "Attribut shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "Attribut listant les services PAM autorisés"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "Attribut listant les systèmes serveurs autorisés"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "Attribut krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "Attribut krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Attribut indiquant que la stratégie de mot de passe du serveur est active"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "Attribut AD accountExpires"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "Attribut AD userAccountControl"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "Attribut nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "Attribut NDS loginDisabled"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "Attribut NDS loginExpirationTime"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Attribut NDS loginAllowedTimeMap"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "Attribut de clé public SSH"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "DN de base pour les recherches de groupes"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "Classe d'objet pour les groupes"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Nom du groupe"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Mot de passe du groupe"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "Attribut GID"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "Attribut membre du groupe"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Attribut d'UUID du groupe"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "Attribut de date de modification pour les groupes"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "Niveau de récursion maximum que SSSd doit suivre"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "DN de base pour les recherches de netgroup"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "Classe d'objet pour les groupes réseau"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "Nom du groupe réseau"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "Attribut des membres des groupes réseau"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "Attribut triplet du groupe réseau"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "Attribut d'UUID du groupe réseau"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "Attribut date de modification pour les groupes réseau"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "Nom de domaine (DN) de base pour les recherches de service"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "Classe objet pour les services"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "Attribut de nom de service"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "Attribut de port du service"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "Attribut de service du protocole"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr "Limite inférieure pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr "Limite supérieure pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
"Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr "Nom du domaine par défaut pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr "SID du domaine par défaut pour la correspondance d'ID"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
"Utiliser LDAP_MATCHING_RULE_IN_CHAIN pour les recherches de groupes "
"d'initialisation"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
"Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
"Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
"URI d'un serveur LDAP de secours où sont autorisées les modifications de mot "
"de passe"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1021,23 +1053,23 @@ msgstr ""
"Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
"changement de mot de passe"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr "Périodicité de rafraichissement total"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr "Périodicité de rafraichissement intelligent"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1045,156 +1077,156 @@ msgstr ""
"Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
"filtrer les règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
"sudo"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Inclure ou non les règles qui contiennent une expression rationnelle dans "
"l'attribut host"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "Classe objet pour les règles sudo"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "Règle de nom sudo"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "Attribut de commande de règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "Attribut hôte de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "Attribut utilisateur de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "Attribut option de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr "Attribut runasuser de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "Attribut runasgroup de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "Attribut notbefore de la règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "Attribut notafter de règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "Attribut d'ordre de règle sudo"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "Classe objet pour la carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "Nom de l'attribut de carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "Classe objet pour l'entrée de référence de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "Attribut de valeur pour la carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "Base DN pour les requêtes de carte de montage automatique"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Interpréteur de commande par défaut : /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Base pour les répertoires utilisateur"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Nom de la bibliothèque NSS à utiliser"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Pile PAM à utiliser"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Devenir un démon (par défaut)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Fonctionner en interactif (non démon)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Définir un fichier de configuration différent de celui par défaut"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Afficher le numéro de version et quitte"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Niveau de débogage"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Ajouter l'horodatage au débogage"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Afficher l'horodatage en microsecondes"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Domaine du fournisseur d'informations (obligatoire)"
@@ -1224,77 +1256,83 @@ msgstr "Une erreur est survenue mais aucune description n'est trouvée."
msgid "Unexpected error while looking for an error description"
msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Les mots de passe ne correspondent pas"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
"La réinitialisation du mot de passe par root n'est pas prise en charge."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Authentifié avec les crédits mis en cache"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", votre mot de passe en cache expirera à :"
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
"Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)."
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Votre mot de passe expirera dans %1$d %2$s."
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "L'authentification est refusée jusque :"
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
"Le système est hors-ligne, les modifications du mot de passe sont impossibles"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Échec du changement de mot de passe."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Message du serveur : "
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Retaper le nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Mot de passe : "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Mot de passe actuel : "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Le niveau de débogage utilisé avec"
@@ -1303,11 +1341,11 @@ msgstr "Le niveau de débogage utilisé avec"
msgid "The SSSD domain to use"
msgstr "Le domaine SSSD à utiliser"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Erreur lors du paramétrage de la locale\n"
@@ -1375,96 +1413,96 @@ msgstr "Spécifie un répertoire squelette alternatif"
msgid "The SELinux user for user's login"
msgstr "L'utilisateur SELinux pour l'identifiant de l'utilisateur"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Définir le groupe à ajouter à\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Définir l'utilisateur à ajouter à\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Erreur à l'initialisation des outils - aucun domaine local\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Erreur à l'initialisation des outils - aucun domaine local\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Erreur à l'initialisation des outils\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Domaine invalide définit dans le FQDN\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Erreur interne lors de l'analyse des paramètres\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Les groupes doivent être dans le même domaine que l'utilisateur\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr "Impossible de trouver le groupe %1$s dans le domaine local\n"
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Impossible de définir les valeurs par défaut\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "L'UID sélectionné est en dehors de la plage autorisée\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Impossible de définir le contexte de connexion SELinux\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Impossible de trouver les informations sur l'utilisateur\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Le répertoire de l'utilisateur existe déjà, les données du répertoire "
"squelette ne sont pas copiées\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr "Impossible de créer le répertoire de l'utilisateur : %1$s\n"
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
"Impossible de créer le répertoire de réception des messages électroniques "
"pour l'utilisateur : %1$s\n"
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
"L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Un utilisateur ou groupe avec le même nom ou identifiant existe déjà\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n"
@@ -1472,48 +1510,48 @@ msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n"
msgid "The GID of the group"
msgstr "Le GID du groupe"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Définir le groupe à ajouter\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Le GID choisit est en dehors de la plage autorisée\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Impossible d'allouer l'identifiant du groupe - domaine plein ?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Un groupe avec le même nom ou GID existe déjà\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Erreur de transaction. Impossible d'ajouter le groupe.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Spécifier le groupe à supprimer\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
"Le groupe %1$s est en dehors de la plage d'identifiants définie pour le "
"domaine\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
"Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en "
"mémoire.\n"
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1521,7 +1559,7 @@ msgstr ""
"Aucun groupe dans le domaine local. La suppression de groupes n'est "
"autorisée que dans le domaine local.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Erreur interne. Impossible de supprimer le groupe.\n"
@@ -1533,15 +1571,15 @@ msgstr "Groupes auxquels ce groupe sera ajouté"
msgid "Groups to remove this group from"
msgstr "Groupes desquels ce groupe sera retiré"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "Définir le groupe duquel supprimer\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Définir le groupe à modifier\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1549,14 +1587,14 @@ msgstr ""
"Impossible de trouver le groupe dans le domaine local, la modification des "
"groupes n'est autorisée que dans le domaine local\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"Les membres du groupe doivent être dans le même domaine que le groupe "
"parent\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
@@ -1565,42 +1603,42 @@ msgstr ""
"Impossible de trouver le groupe %1$s dans le domaine local, seuls les "
"groupes du domaine local sont autorisés\n"
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Impossible de modifier le groupe - vérifier que les noms des groupes membres "
"sont corrects\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Impossible de modifier le groupe - vérifier que le nom du groupe est "
"correct\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Erreur de transaction. Impossible de modifier le groupe.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$sGroup: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Magie privée"
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$s GID numéro : %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr "Utilisateurs membres de %1$s :"
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
@@ -1609,7 +1647,7 @@ msgstr ""
"\n"
"%1$s est membre de : "
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
@@ -1618,15 +1656,15 @@ msgstr ""
"\n"
"Groupes membres de %1$s : "
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Afficher les membres du groupe indirects récursivement"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Définir le groupe à afficher\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1634,7 +1672,7 @@ msgstr ""
"Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé "
"que dans le domaine local.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Erreur interne. Impossible d'afficher le groupe.\n"
@@ -1654,61 +1692,61 @@ msgstr "Forcer la suppression des fichiers n'appartenant pas à l'utilisateur"
msgid "Kill users' processes before removing him"
msgstr "Tuer les processus de l'utilisateur avant de le supprimer"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Définir l'utilisateur à supprimer\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
"L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le "
"domaine\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "Impossible de réinitialiser le contexte de connexion SELinux\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
"ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa "
"suppression.\n"
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
"Impossible de savoir si l'utilisateur était connecté sur cette plateforme"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Erreur en vérifiant si l'utilisateur était connecté\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr "La commande post-suppression a échoué : %1$s\n"
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
"Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le "
"propriétaire\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr "Impossible de supprimer le répertoire utilisateur : %1$s\n"
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Aucun utilisateur dans le domaine local. La suppression des utilisateurs "
"n'est autorisée que dans le domaine local.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Erreur interne. Impossible de supprimer l'utilisateur.\n"
@@ -1732,11 +1770,11 @@ msgstr "Verrouiller le compte"
msgid "Unlock the account"
msgstr "Déverrouiller le compte"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Spécifier l'utilisateur à modifier\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1744,90 +1782,90 @@ msgstr ""
"Impossible de trouver l'utilisateur dans le domaine local, la modification "
"des utilisateurs n'est autorisée que dans le domaine local\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont "
"corrects\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du "
"groupe ?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr "Aucun object trouvé dans le cache pour la recherche spécifiée\n"
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr "Impossible d'invalider %1$s"
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr "Impossible d'invalider %1$s %2$s"
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
#, fuzzy
msgid "Invalidate all cached entries except for sudo rules"
msgstr "Invalider toutes les entrées en cache hors règles sudo"
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Invalider un utilisateur spécifique"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Invalider tous les utilisateurs"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "Invalider un groupe particulier"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "Invalider tous les groupes"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr "Invalider un groupe réseau particulier"
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr "Invalider tous les groupes réseau"
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "Invalidation d'un service particulier"
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "Invalidation de tous les services"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr "Invalidation d'une carte autofs particulière"
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr "Invalidation de toutes les cartes autofs"
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr "N'invalider des entrées que d'un domaine spécifique"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr "Merci de sélectionner au moins un objet à invalider\n"
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -1837,7 +1875,7 @@ msgstr ""
"(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre "
"--domain/-d.\n"
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr "Impossible d'ouvrir aucun des domaines disponibles\n"
@@ -1853,13 +1891,13 @@ msgstr "Définir le niveau de débogage à utiliser\n"
msgid "Only one argument expected\n"
msgstr "Un seul argument est attendu\n"
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
"Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n"
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Mémoire saturée\n"
@@ -1868,7 +1906,7 @@ msgstr "Mémoire saturée\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s doit être lancé en tant que root\n"
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
"Envoyer la sortie de débogage vers un fichier plutôt que vers la sortie "
diff --git a/po/hu.po b/po/hu.po
index 53c33d748..05631bdd1 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
@@ -19,1105 +19,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Elindítandó SSSD szolgáltatások"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD által figyelmen kívül hagyott felhasználók"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD által figyelmen kívül hagyott csoportok"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hány sikertelen bejelentkezés engedélyezett offline állapotban"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Azonosító-kiszolgáló"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Legkisebb felhasználói azonosító"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Legnagyobb felhasználói azonosító"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Azonosítók gyorsítótárazása offline használathoz"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Jelszó hash-ek tárolása"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Bejegyzés-gyorsítótár érvényessége (másodperc)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA-tartomány"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA kiszolgáló címe"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA kliens hosztneve"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos-kiszolgáló címe"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberos-tartomány"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Időtúllépés azonosításkor"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, az LDAP szerver URI-ja"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Alapértelmezett LDAP alap-DN-je"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Az LDAP szerveren használt séma-típus, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Az alapértelmezett bind DN"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "A kapcsolódási próbálkozás időtartama"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "A CA tanusítványokat tartalmazó fájl"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "TLS tanusítvány ellenőrzése"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "TLS megkövetelése ID keresésekor"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "GECOS attribútum"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Shell attribútum"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "UUID attribútum"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Teljes név"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "memberOf attribútum"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Csoport neve"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Csoport jelszava"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Alapértelmezett shell, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Időbélyegek a hibakeresési kimenetben"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Mikroszekundum pontosságú időbélyegek"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1145,74 +1174,80 @@ msgstr "Hiba lépett fel, de nem érhetőek el részletek."
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "A jelszavak nem egyeznek"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "A jelszó root általi visszaállítása nem támogatott."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Azonosítva gyorsítótárazott adatbázisból"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", a gyorsítótárazott jelszó lejár ekkor: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "A bejelentkezés tiltott eddig:"
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "A rendszer nem érhető el, a jelszó megváltoztatása nem lehetséges"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "A jelszó megváltoztatása nem sikerült."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Szerver üzenete:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Új jelszó:"
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Jelszó mégegyszer: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Jelszó: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Jelenlegi jelszó:"
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "A jelszava lejárt, változtass meg most."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1221,11 +1256,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1293,93 +1328,93 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Nem lehet beállítani az alapértékeket\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "A megadott UID kívül esik a megengedett tartományon\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Nem áll rendelkezésre információ a felhasználóról\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"A felhasználó könyvtára már létezik, a skel könyvtár tartalmát nem másolom "
"bele\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Tranzakcióhiba történt, nem lehetett létrehozni a felhasználót.\n"
@@ -1387,50 +1422,50 @@ msgstr "Tranzakcióhiba történt, nem lehetett létrehozni a felhasználót.\n"
msgid "The GID of the group"
msgstr "A csoport GID-je"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1442,92 +1477,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1547,52 +1582,52 @@ msgstr "Nem a felhasználó tulajdonában lévő fájlok törlése"
msgid "Kill users' processes before removing him"
msgstr "Felhasználó programjainak kilövése az eltávolítás előtt"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Adja meg a törlendő felhasználót\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Belső hiba történt, nem lehetett eltávolítani a felhasználót.\n"
@@ -1616,102 +1651,102 @@ msgstr "Fiók zárolása"
msgid "Unlock the account"
msgstr "Fiók feloldása"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Adja meg a módosítandó felhasználót\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Tranzakcióhiba történt, a felhasználó nem módosítható.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1727,12 +1762,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Elfogyott a memória\n"
@@ -1741,6 +1776,6 @@ msgstr "Elfogyott a memória\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/id.po b/po/id.po
index c4f9dc06e..285f20bd3 100644
--- a/po/id.po
+++ b/po/id.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
@@ -17,1105 +17,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Mengatur verbosity dari pencatatan debug"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Sertakan cap waktu di pencatatan debug"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Menulis pesan debug ke berkas log"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Perintah untuk memulai layanan"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Jumlah usaha yang dilakukan untuk mencoba koneksi ke Penyedia Data"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Layanan SSSD akan dijalankan"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Domain SSSD akan dijalankan"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Pengguna yang diabaikan secara eksplisit oleh SSSD"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grup yang diabaikan secara eksplisit oleh SSSD"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Haruskah pengguna yang disaring muncul dalam grup"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Nilai kolom kata sandi yang harus dikembalikan oleh penyedia NSS"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Penyedia identitas"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Penyedia otentikasi"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Penyedia kontrol akses"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Penyedia pengubah kata sandi"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "ID pengguna minimum"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "ID pengguna maksimum"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Domain IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Alamat server IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Nama host klien IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Alamat server Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI server LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Membutuhkan verifikasi sertifikat TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Tentukan mekanisme sasl yang digunakan"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Tentukan id otorisasi sasl yang digunakan"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Keytab layanan Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Lingkup pencarian pengguna"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Atribut GID Primer"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Atribut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Atribut direktori Home"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Atribut utama pengguna (untuk Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Nama Lengkap"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Shell default, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1143,74 +1172,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Kata sandi tidak cocok"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Perubahan kata sandi gagal."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Pesan server:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Kata Sandi Baru: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Masukkan lagi kata sandi baru:"
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Kata sandi:"
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Kata sandi saat ini:"
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1219,11 +1254,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1291,92 +1326,92 @@ msgstr "Tentukan direktori kerangka alternatif"
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Tentukan pengguna untuk ditambahkan\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Gagal saat menginisialisasi perkakas\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Domain yang ditentukan dalam FQDN tidak valid\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Terjadi kesalahan internal ketika mengurai parameter\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Grup harus berada dalam domain yang sama dengan pengguna\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Tidak dapat menetapkan nilai default\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "UID yang dipilih berada di luar rentang yang diizinkan\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Tidak bisa mendapatkan info tentang pengguna\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Direktori home milik pengguna sudah ada, tidak menyalin data dari skeldir\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Tidak dapat mengalokasikan ID untuk pengguna - domain penuh?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Pengguna atau grup dengan nama atau ID yang sama sudah ada\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Kesalahan transaksi. Tidak dapat menambahkan pengguna.\n"
@@ -1384,44 +1419,44 @@ msgstr "Kesalahan transaksi. Tidak dapat menambahkan pengguna.\n"
msgid "The GID of the group"
msgstr "GID grup"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Tentukan grup untuk ditambahkan\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "GID yang dipilih berada di luar rentang yang diizinkan\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Tidak dapat mengalokasikan ID untuk grup - domain penuh?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Grup dengan nama atau GID yang sama sudah ada\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Kesalahan transaksi. Tidak dapat menambahkan grup.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1429,7 +1464,7 @@ msgstr ""
"Tidak ada grup seperti itu di domain lokal. Menghapus grup hanya "
"diperbolehkan dalam domain lokal.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Kesalahan internal. Tidak dapat menghapus grup.\n"
@@ -1441,15 +1476,15 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Tentukan grup untuk dimodifikasi\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1457,81 +1492,81 @@ msgstr ""
"Tidak dapat menemukan grup di domain lokal, memodifikasi grup hanya "
"diperbolehkan dalam domain lokal\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"Anggota kelompok harus berada dalam domain yang sama sebagaimana kelompok "
"induknya\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Tidak bisa memodifikasi grup - periksa apakah nama grup anggota sudah benar\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr "Tidak bisa memodifikasi grup - periksa apakah groupname sudah benar\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Kesalahan transaksi. Tidak bisa memodifikasi grup.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1551,54 +1586,54 @@ msgstr "Paksa penghapusan berkas yang tidak dimiliki oleh pengguna"
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Tentukan pengguna yang akan dihapus\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "Tidak menghapus home dir - tidak dimiliki oleh pengguna\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Tidak ada pengguna seperti itu di domain lokal. Menghapus pengguna hanya "
"diperbolehkan dalam domain lokal.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Kesalahan internal. Tidak dapat menghapus pengguna.\n"
@@ -1622,11 +1657,11 @@ msgstr "Kunci akun"
msgid "Unlock the account"
msgstr "Buka kunci akun"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Tentukan pengguna untuk dimodifikasi\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1634,94 +1669,94 @@ msgstr ""
"Tidak dapat menemukan pengguna dalam domain lokal, memodifikasi pengguna "
"hanya diperbolehkan dalam domain lokal\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Tidak bisa memodifikasi pengguna - periksa apakah nama grup sudah benar\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"Tidak bisa memodifikasi pengguna - pengguna sudah menjadi anggota kelompok?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Kesalahan transaksi. Pengguna tidak dapat dimodifikasi.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1737,12 +1772,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Kehabisan memori\n"
@@ -1751,6 +1786,6 @@ msgstr "Kehabisan memori\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/it.po b/po/it.po
index a80a19c52..8c4aaa898 100644
--- a/po/it.po
+++ b/po/it.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
@@ -18,152 +18,152 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Imposta il livello di dettaglio dei messaggi di debug"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Includi i timestamp nei log"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Scrivere i messaggi di debug nei file di log"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Timeout di ping per il riavvio del servizio"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Comando per avviare il servizio"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Numero di tentativi di connessione ai data providers"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Avvio dei servizi SSSD"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Avvio dei domini SSSD"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Timeout dei messaggi inviati sul SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Regex per il parsing di nome utente e dominio"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Formato compatibile con printf per la visualizzazione di nomi completi"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Durata timeout per la cache enumeration (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Durata timeout aggiornamento cache in background (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Durata timeout negative cache (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Utenti che SSSD dovrebbe ignorare esplicitamente"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Gruppi che SSSD dovrebbe ignorare esplicitamente"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Specifica se mostrare gli utenti filtrati nei gruppi"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
"Il valore del campo password che deve essere ritornato dal provider NSS"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr "Per quanto tempo accettare login in cache tra login online (giorni)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Numero di tentativi di login falliti quando offline"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -171,962 +171,991 @@ msgstr ""
"Per quanto tempo (minuti) negare i tentativi di login dopo che "
"offline_failed_login_attemps è stato raggiunto"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Provider di identità"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Provider di autenticazione"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Provider di access control"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Provider di cambio password"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "ID utente minimo"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "ID utente massimo"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Consentire l'enumerazione di tutti gli utenti/gruppi"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Salvare in cache le credenziali per login offline"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Salvare gli hash delle password"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Mostrare utenti/gruppi in formato fully-qualified"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Durata timeout elementi in cache (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione "
"di lookup DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto "
"successo (giorni)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Il tempo di attesa per le richieste DNS (secondi)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"L'interfaccia il cui indirizzo IP dovrebbe essere usato per aggiornamenti "
"DNS dinamici."
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Indirizzo del server IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Hostname del client IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "Filtro LDAP per determinare i privilegi di accesso"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Indirizzo del server Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Timeout di autenticazione"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Directory in cui salvare le credenziali"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Percorso della cache delle credenziali utente"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Percorso del keytab per la validazione delle credenziali"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Abilita la validazione delle credenziali"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "Intervallo di tempo tra due controlli di rinnovo"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Abilita FAST"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server dove viene eseguito il servizio di cambio password, se non nel KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'indirizzo del server LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Il base DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Il bind DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Il tipo di token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Il token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Durata del tentativo di connessione"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durata tra tentativi di riconnessione quando offline"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "Usare solo maiuscole per i nomi dei realm"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "File contenente i certificati CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Percorso della directory dei cerficati della CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "File contenente il certificato client"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "File contenente la chiave client"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Lista delle possibili cipher suite"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Richiedere la verifica del certificato TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Specificare il meccanismo sasl da usare"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Specificare l'id di autorizzazione sasl da usare"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Keytab del servizio Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Seguire i referral LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Metodo di deferenziazione degli alias"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "Intervallo di tempo per la pulizia cache"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Richiedere TLS per gli ID lookup"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Ambito di applicazione dei lookup utente"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Attributo del GID primario"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Attributo GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Attributo della home directory"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Attributo user principal (per Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Nome completo"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Politica per controllare la scadenza della password"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "Filtro LDAP per determinare i privilegi di accesso"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Lista separata da virgola degli utenti abilitati"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Lista separata da virgola degli utenti non abilitati"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Shell predefinita, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Base delle home directory"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Il nome della libreria NSS da usare"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Stack PAM da usare"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Esegui come demone (default)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Esegui interattivamente (non come demone)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Specificare un file di configurazione specifico"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Livello debug"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Includi timestamp di debug"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Un descrittore di file aperto per l'output di debug"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del provider di informazioni (obbligatorio)"
@@ -1154,74 +1183,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Le password non coincidono"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Autenticato con le credenziali nella cache"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", la password in cache scadrà il: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "L'autenticazione verrà negata fino al: "
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Il sistema è offline, non è possibile richiedere un cambio password"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Cambio password fallito."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Messaggio del server:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nuova password: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Conferma nuova password: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Password: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Password corrente: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Password scaduta. Cambiare la password ora."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Il livello di debug da utilizzare"
@@ -1230,11 +1265,11 @@ msgstr "Il livello di debug da utilizzare"
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Errore di impostazione del locale\n"
@@ -1302,93 +1337,93 @@ msgstr "Specificare una directory skeleton alternativa"
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Specificare un utente da aggiungere\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Errore durante l'inizializzazione degli strumenti - nessun dominio\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Errore durante l'inizializzazione degli strumenti - nessun dominio\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Errore durante l'inizializzazione degli strumenti\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Il dominio specificato nel FQDN non è valido\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Errore interno nel parsing dei parametri\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "I gruppi devono essere nello stesso dominio dell'utente\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Impossibile impostare i valori predefiniti\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "L'UID specificato non rientra nel range permesso\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Impossibile determinare le informazioni dell'utente\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"La directory home dell'utente esiste, non vengono copiati dati dalla "
"directory skeleton\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Impossibile allocare l'ID utente - dominio pieno?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Utente o gruppo con lo stesso nome o ID già presente\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Errore nella transazione. L'utente non è stato aggiunto.\n"
@@ -1396,44 +1431,44 @@ msgstr "Errore nella transazione. L'utente non è stato aggiunto.\n"
msgid "The GID of the group"
msgstr "Il GID del gruppo"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Specificare un gruppo da aggiungere\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Il GID specificato non è nel range permesso\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Impossibile allocare l'ID per il gruppo - dominio pieno?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Gruppo con lo stesso nome o GID già esistente\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Errore della transazione. Impossibile aggiungere il gruppo.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Specificare il gruppo da eliminare\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1441,7 +1476,7 @@ msgstr ""
"Gruppo non presente nel dominio locale. L'eliminazione di gruppi è permessa "
"solo nel dominio locale.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Errore interno. Impossibile rimuovere il gruppo.\n"
@@ -1453,15 +1488,15 @@ msgstr "Gruppi a cui aggiungere questo gruppo"
msgid "Groups to remove this group from"
msgstr "Gruppi da cui eliminare questo gruppo"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Specificare il gruppo da modificare\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1469,77 +1504,77 @@ msgstr ""
"Gruppo non presente nel dominio locale. La modifica dei gruppi è permessa "
"solo nel dominio locale.\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"I gruppi membri devono appartenere allo stesso dominio del gruppo radice\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Impossibile modificare il gruppo - controllare che i nomi dei gruppi siano "
"corretti\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Impossibile modificare il gruppo - controllare che il nome del gruppo sia "
"corretto\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Errore della transazione. Impossibile modificare il gruppo.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Magic Private "
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Mostra ricorsivamente i membri indiretti del gruppo"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Specificare il gruppo da mostrate\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1547,7 +1582,7 @@ msgstr ""
"Gruppo non presente nel dominio locale. La stampa dei gruppi è permessa solo "
"nel dominio locale.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Errore interno. Impossibile stampare il gruppo.\n"
@@ -1567,54 +1602,54 @@ msgstr "Forza la rimozione dei file non di proprietà dell'utente"
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Specificare l'utente da cancellare\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "Home directory non eliminata - non appartiene all'utente\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Utente non presente nel dominio locale. L'eliminazione degli utenti è "
"permessa solo nel dominio locale.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Errore interno. Impossibile rimuovere l'utente.\n"
@@ -1638,11 +1673,11 @@ msgstr "Bloccare l'account"
msgid "Unlock the account"
msgstr "Sbloccare l'account"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Specificare l'utente da modificare\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1650,94 +1685,94 @@ msgstr ""
"Utente non presente nel dominio locale. La modifica degli utenti è permessa "
"solo nel dominio locale.\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Impossibile modificare l'utente - controllare che i nomi dei gruppi siano "
"corretti\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr "Impossibile modificare l'utente - utente già membro di gruppi?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Errore nella transazione. Impossibile modificare l'utente.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1753,12 +1788,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Memoria esaurita\n"
@@ -1767,6 +1802,6 @@ msgstr "Memoria esaurita\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Redirigere l'output di debug su file anzichè stderr"
diff --git a/po/ja.po b/po/ja.po
index cf82afb4c..014de775c 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-08-27 03:30+0000\n"
"Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n"
"Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
@@ -18,68 +18,68 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "デバッグのロギングの冗長性を設定する"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "デバッグログにタイムスタンプを含める"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr "デバッグログにミリ秒単位のタイムスタンプを含める"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "デバッグメッセージをログファイルに書き込む"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "サービス再起動前の Ping タイムアウト"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr "3 回 の ping チェック失敗とサービスの強制停止のタイムアウト間隔"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "サービス開始のコマンド"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "データプロバイダーの接続を試行する回数"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr "このレスポンダーににより開かれるファイル記述子の数"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr "クライアントの自動切断までのアイドル時間"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "開始する SSSD サービス"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "開始する SSSD ドメイン"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "SBUS 経由のメッセージ送信のタイムアウト"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "ユーザー名とドメインを構文解析する正規表現"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "完全修飾名を表示するための printf 互換の形式"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -87,64 +87,64 @@ msgstr ""
"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
"クトリです。"
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr "domain 要素なしで追加するドメインの名前。"
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "列挙キャッシュのタイムアウト(秒)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "ネガティブキャッシュのタイムアウト(秒)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD が明示的に無視するユーザー"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD が明示的に無視するグループ"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "フィルターされたユーザーをグループに表示する"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "NSS プロバイダーが返すパスワード項目の値"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え"
"ます"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr "ユーザーがログインを許可されるシェルの一覧"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -152,459 +152,486 @@ msgstr ""
"中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、この"
"フォールバックを使用する"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr "プロバイダーが一覧に持っていないとき使用するシェル"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr "メモリー内のキャッシュレコードが有効な期間"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "オフラインのときに許容されるログイン試行失敗回数"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr "認証中にユーザーに表示されるメッセージの種類"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr "警告が表示されるパスワード失効前の日数"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数"
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+#, fuzzy
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "アイデンティティプロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "認証プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "アクセス制御プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "パスワード変更プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "SUDO プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Autofs プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "セッション読み込みプロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "ホスト識別プロバイダー"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "最小ユーザー ID"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "最大ユーザー ID"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "すべてのユーザー・グループの列挙を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "オフラインログインのためにクレディンシャルをキャッシュする"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "パスワードハッシュを保存する"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "ユーザー・グループを完全修飾形式で表示する"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr "グループ検索にグループメンバーを含めない"
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "エントリーキャッシュのタイムアウト長(秒)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "サービス検索 DNS クエリーのドメイン部分"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "クライアントの DNS 項目を更新後、適用する TTL"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "動的 DNS 更新のために使用される IP のインターフェース"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr "DNS 更新を実行するために使用すべき認証の種類"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+#, fuzzy
+msgid "How often should subdomains list be refreshed"
+msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA ドメイン"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA サーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "バックアップ IPA サーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA クライアントのホスト名"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "HBAC 関連オブジェクトの検索ベース"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "DENY ルールが存在すると、DENY_ALL または IGNORE です"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr "この IPA クライアントが使用している automounter の場所"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース"
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr "DNS サイトの有効化 - 位置にサービス探索"
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr "Active Directory ドメイン"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr "Active Directory サーバーアドレス"
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr "Active Directory バックアップサーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr "Active Directory クライアントホスト名"
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "アクセス権限を決めるための LDAP フィルター"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos サーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr "Kerberos バックアップサーバーのアドレス"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberos レルム"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "認証のタイムアウト"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr "kdcinfo ファイルを作成するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "クレディンシャルのキャッシュを保存するディレクトリー"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "ユーザーのクレディンシャルキャッシュの位置"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "クレディンシャルを検証するキーテーブルの場所"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "クレディンシャルの検証を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "更新可能な TGT の有効期間"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "TGT の有効期間"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "更新を確認する間隔"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "FAST を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "FAST に使用するプリンシパルを選択する"
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "プリンシパル正規化を有効にする"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr "エンタープライズ・プリンシパルの有効化"
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "デフォルトのベース DN"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "LDAP サーバーにおいて使用中のスキーマ形式, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "デフォルトのバインド DN"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "デフォルトのバインド DN の認証トークンの種類"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "デフォルトのバインド DN の認証トークン"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "接続を試行する時間"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "LDAP 同期操作を試行する時間"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "オフラインの間に再接続を試行する時間"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "レルム名に対して大文字のみを使用する"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "CA 証明書を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "CA 証明書のディレクトリーのパス"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "クライアント証明書を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "クライアントの鍵を含むファイル"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "利用可能な暗号の一覧"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "TLS 証明書の検証を要求する"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "使用する SASL メカニズムを指定する"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "使用する SASL 認可 ID を指定する"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "使用する SASL 認可レルムを指定する"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "LDAP SASL 認可の最小 SSF を指定する"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Kerberos サービスのキーテーブル"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "LDAP 接続に対して Kerberos 認証を使用する"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "LDAP リフェラルにしたがう"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "LDAP 接続の TGT の有効期間"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "エイリアスを参照解決する方法"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "DNS サービス検索のサービス名"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr "単一の LDAP 問い合わせにおいて取得するレコード数"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -612,372 +639,376 @@ msgstr ""
"LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す"
"るかどうか"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "entryUSN 属性"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "lastUSN 属性"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "LDAP サーバーを切断する前に接続を保持する時間"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "LDAP ページング制御を無効化する"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr "Active Directory 範囲の取得の無効化"
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "検索要求を待つ時間"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "列挙の要求を待つ時間"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "列挙の更新間隔"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "キャッシュをクリーンアップする間隔"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "ID 検索に TLS を要求する"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "ユーザー検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "ユーザー検索の範囲"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "ユーザー検索のフィルター"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "ユーザーのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "ユーザー名の属性"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "UID の属性"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "プライマリー GID の属性"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "GECOS の属性"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "ホームディレクトリの属性"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "シェルの属性"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "UUID の属性"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "objectSID 属性"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "ID マッピングの Active Directory プライマリーグループ属性"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "ユーザープリンシパルの属性(Kerberos 用)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "氏名"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "memberOf 属性"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "変更日時の属性"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "shadowLastChange 属性"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "shadowMin 属性"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "shadowMax 属性"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "shadowWarning 属性"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "shadowInactive 属性"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "shadowExpire 属性"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "shadowFlag 属性"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "認可された PAM サービスを一覧化する属性"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "認可されたサーバーホストを一覧化する属性"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange 属性"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration 属性"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "AD の accountExpires 属性"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "AD の userAccountControl 属性"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "nsAccountLock 属性"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "NDS の loginDisabled 属性"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "NDS の loginExpirationTime 属性"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "NDS の loginAllowedTimeMap 属性"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "SSH 公開鍵の属性"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "グループ検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "グループのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "グループ名"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "グループのパスワード"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "GID 属性"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "グループメンバー属性"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "グループ UUID 属性"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "グループの変更日時の属性"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "SSSd がしたがう最大入れ子レベル"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "ネットグループ検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "ネットグループのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "ネットグループ名"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "ネットグループメンバーの属性"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "ネットグループの三つ組の属性"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "ネットグループ UUID の属性"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "ネットグループの変更日時の属性"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "サービス検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "サービスのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "サービス名の属性"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "サービスポートの属性"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "サービスプロトコルの属性"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr "ID マッピングの下限"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr "ID マッピングの上限"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr "ID マッピングするとき、各スライスに対する ID の数"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr "ID マッピングに対するデフォルトドメインの名前"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr "ID マッピングに対するデフォルトドメインの SID"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "グループ検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "初期グループの検索のために LDAP_MATCHING_RULE_IN_CHAIN を使用します"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "LDAP サーバーから許可される ID の下限の設定"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "LDAP サーバーから許可される ID の上限の設定"
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "パスワード失効の評価のポリシー"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "アクセス権限を決めるための LDAP フィルター"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr "どのルールがアクセス制御を評価するために使用されるか"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr "パスワードの変更が許可される LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "sudo ルール検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr "自動的な完全更新間隔"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr "自動的なスマート更新間隔"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう"
"か"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -985,153 +1016,153 @@ msgstr ""
"sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン"
"名"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット"
"ワーク"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "sudo ルールのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "sudo ルール名"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "sudo ルールのコマンドの属性"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "sudo ルールのホストの属性"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "sudo ルールのユーザーの属性"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "sudo ルールのオプションの属性"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr "sudo ルールの runasuser の属性"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "sudo ルールの runasgroup の属性"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "sudo ルールの notbefore の属性"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "sudo ルールの notafter の属性"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "sudo ルールの order の属性"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "automounter マップのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "オートマウントのマップ名の属性"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "automounter マップエントリーのオブジェクトクラス"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "automounter マップエントリーのキー属性"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "automounter マップエントリーの値属性"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "automonter のマップ検索のベース DN"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "許可ユーザーのカンマ区切り一覧"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "禁止ユーザーのカンマ区切り一覧"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "デフォルトのシェル, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "ホームディレクトリーのベース"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "使用する NSS ライブラリーの名前"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "使用する PAM スタック"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "デーモンとして実行(デフォルト)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "対話的に実行(デーモンではない)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "非標準の設定ファイルの指定"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "バージョン番号を表示して終了する"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "デバッグレベル"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "デバッグのタイムスタンプを追加する"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "タイムスタンプをミリ秒単位で表示する"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "デバッグログのオープンファイルディスクリプター"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "情報プロバイダーのドメイン (必須)"
@@ -1159,74 +1190,80 @@ msgstr "エラーが発生しましたが、説明がありませんでした。
msgid "Unexpected error while looking for an error description"
msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "パスワードが一致しません"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "root によるパスワードのリセットはサポートされません。"
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "キャッシュされているクレディンシャルを用いて認証されました"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr "、キャッシュされたパスワードが失効します: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。"
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "あなたのパスワードは %1$d %2$s に危険が切れます。"
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "次まで認証が拒否されます: "
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "システムがオフラインです、パスワード変更ができません"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "パスワードの変更に失敗しました。 "
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "サーバーのメッセージ: "
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "新しいパスワード: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "新しいパスワードの再入力: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "パスワード: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "現在のパスワード: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "実行するデバッグレベル"
@@ -1235,11 +1272,11 @@ msgstr "実行するデバッグレベル"
msgid "The SSSD domain to use"
msgstr "使用する SSSD ドメイン"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "ロケールの設定中にエラーが発生しました\n"
@@ -1307,94 +1344,94 @@ msgstr "代替のスケルトンディレクトリーを指定する"
msgid "The SELinux user for user's login"
msgstr "ユーザーのログインに対する SELinux ユーザー"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "追加するグループを指定してください\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "追加するユーザーを指定してください\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
+#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
+#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
+#: src/tools/sss_usermod.c:130
msgid "Error initializing the tools - no local domain\n"
msgstr ""
"ツールを初期化中にエラーが発生しました - ローカルドメインがありません\n"
-#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
-#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
-#: src/tools/sss_usermod.c:130
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "ツールを初期化中にエラーが発生しました\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "FQDN で指定されたドメインが無効です\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "パラメーターを解析中に内部エラーが発生しました\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "グループがユーザーと同じドメインになければいけません\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr "ローカルドメインにグループ %1$s を見つけられません\n"
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "デフォルト値を設定できません\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "選択された UID は許容される範囲を越えています\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "SELinux ログインコンテキストを設定できません\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "ユーザーに関する情報を取得できません\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーか"
"らデータをコピーしません\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr "ユーザーのホームディレクトリーを作成できません: %1$s\n"
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr "ユーザーのメールスプールを作成できません: %1$s\n"
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "同じ名前または ID を持つユーザーまたはグループがすでに存在します\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "トランザクションエラー。ユーザーを追加できませんでした。\n"
@@ -1402,45 +1439,45 @@ msgstr "トランザクションエラー。ユーザーを追加できません
msgid "The GID of the group"
msgstr "グループの GID"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "追加するグループを指定してください\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "選択された GID は許容される範囲を越えています\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "グループに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "同じ名前または GID を持つグループがすでに存在します\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "トランザクションエラー。グループを追加できませんでした。\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "削除するグループを指定してください\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr "グループ %1$s はドメインに対して定義された ID の範囲を越えています\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
"NSS リクエストに失敗しました (%1$d)。項目はメモリーキャッシュに残されます。\n"
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1448,7 +1485,7 @@ msgstr ""
"そのようなグループはローカルドメインにありません。グループの削除はローカルド"
"メインにおいてのみ許可されます。\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "内部エラー。グループを削除できませんでした。\n"
@@ -1460,15 +1497,15 @@ msgstr "このグループに追加するグループ"
msgid "Groups to remove this group from"
msgstr "このグループから削除するグループ"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "削除するグループを指定してください\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "変更するグループを指定してください\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1476,12 +1513,12 @@ msgstr ""
"ローカルドメインにグループが見つかりませんでした。グループの変更はローカルド"
"メインにおいてのみ許可されます\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr "メンバーグループが親グループと同じドメインにある必要があります\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
@@ -1490,41 +1527,41 @@ msgstr ""
"ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグ"
"ループのみが許可されます\n"
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"グループを変更できませんでした - メンバーグループ名が正しいかを確認してくださ"
"い\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"グループを変更できませんでした - グループ名が正しいかを確認してください\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "トランザクションエラー。グループを変更できませんでした。\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$s グループ: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "マジックプライベート "
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$s GID 番号: %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr "%1$s メンバーユーザー: "
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
@@ -1533,7 +1570,7 @@ msgstr ""
"\n"
"%1$s は次のメンバー: "
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
@@ -1542,15 +1579,15 @@ msgstr ""
"\n"
"%1$s メンバーグループ: "
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "間接グループメンバーを再帰的に表示する"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "表示するグループを指定してください\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1558,7 +1595,7 @@ msgstr ""
"そのようなグループはローカルドメインにありません。グループの表示はローカルド"
"メインにおいてのみ許可されます。\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "内部エラー。グループを表示できませんでした。\n"
@@ -1578,57 +1615,57 @@ msgstr "ユーザーにより所有されていないファイルの強制削除
msgid "Kill users' processes before removing him"
msgstr "ユーザーを削除する前にそのユーザーのプロセスを強制停止する"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "削除するユーザーを指定する\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr "ユーザー %1$s はドメインに対して定義された ID の範囲を超えています\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "SELinux ログインコンテキストをリセットできません\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
"警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。\n"
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
"ユーザーがこのプラットフォームにログインしていたかを確認できませんでした"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "ユーザーがログインしていたかを確認中にエラーが発生しました\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr "削除後コマンドの実行に失敗しました: %1$s\n"
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
"ホームディレクトリーを削除していません - ユーザーにより所有されていません\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr "ホームディレクトリーを削除できません: %1$s\n"
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメ"
"インにおいてのみ許可されます。\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "内部エラー。ユーザーを削除できませんでした。\n"
@@ -1652,11 +1689,11 @@ msgstr "アカウントをロックする"
msgid "Unlock the account"
msgstr "アカウントをロック解除する"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "変更するユーザーを指定してください\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1664,88 +1701,88 @@ msgstr ""
"ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメイ"
"ンにおいてのみ許可されます。\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"ユーザーを変更できませんでした - グループ名が正しいかを確認してください\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n"
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr "%1$s を無効化できませんでした"
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr "%1$s %2$s を無効化できませんでした"
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
#, fuzzy
msgid "Invalidate all cached entries except for sudo rules"
msgstr "sudo ルール以外の全キャッシュ項目の無効化"
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "特定のユーザーを無効にする"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "すべてのユーザーを無効にする"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "特定のグループを無効にする"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "すべてのグループを無効にする"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr "特定のネットワークグループを無効にする"
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr "すべてのネットワークグループを無効にする"
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "特定のサービスの無効化"
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "すべてのサービスの無効化"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr "特定の autofs マップの無効化"
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr "すべての autofs マップの無効化"
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr "特定のドメインのみからエントリーを無効にする"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n"
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -1754,7 +1791,7 @@ msgstr ""
"ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) "
"であれば、--domain/-d パラメーターの代わりに完全修飾名を使用してください。\n"
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr "利用可能なドメインを開けませんでした\n"
@@ -1770,13 +1807,13 @@ msgstr "設定したいデバッグレベルを指定する\n"
msgid "Only one argument expected\n"
msgstr "引数が一つのみ期待されます\n"
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
"名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n"
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "メモリー不足\n"
@@ -1785,6 +1822,6 @@ msgstr "メモリー不足\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s は root として実行する必要があります\n"
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "デバッグ出力を標準エラーの代わりにファイルに送信する"
diff --git a/po/nb.po b/po/nb.po
index 76cc32b0a..2d6c69731 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -18,1105 +18,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "SSSD-tjenester som skal startes"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "SSSD-domener som skal startes"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Tidsavbrudd for meldinger som sendes over SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Identitetstilbyder"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Autentiseringstilbyder"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Tilgangskontrolltilbyder"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Passordbyttetilbyder"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Minste bruker-ID"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Største bruker-ID"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA-domene"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA-tjeneradresse"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Vertsnavn for IPA-klient"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Tjeneradresse for Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberos-område"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Tidsavbrudd for autentisering"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1144,74 +1173,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1220,11 +1255,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1292,91 +1327,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr ""
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1384,50 +1419,50 @@ msgstr ""
msgid "The GID of the group"
msgstr ""
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1439,92 +1474,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1544,52 +1579,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1613,102 +1648,102 @@ msgstr ""
msgid "Unlock the account"
msgstr ""
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1724,12 +1759,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1738,6 +1773,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/nl.po b/po/nl.po
index 81b9af811..e2d98db5b 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -12,7 +12,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-31 11:30+0000\n"
"Last-Translator: Geert Warrink <geert.warrink@onsnet.nu>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/"
@@ -23,71 +23,71 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Stel de verbositeit van de debug statements in"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Neem tijdstempels op in de debug logs"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr "Voeg microseconden aan tijdstempel is debug log"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Schrijf debug berichten naar logbestanden"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Ping timeout voordat service herstart is"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Time-out tussen drie mislukte ping checks en de service dwingend te stoppen "
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Commando om service te starten"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Aantal pogingen naar de Data Providers te verbinden"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Het aantal bestand descriptors die door deze beantwoorder geopend mogen "
"worden"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr "Duur van inactiviteit voor het automatisch loskoppelen van een cliënt"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "SSSD Services die gestart moeten worden"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "SSSD Domeinen die gestart moeten worden"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Timeout voor berichten die over SBUS worden verzonden"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Reguliere expressie om gebruikersnamen en domeinen te ontleden"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-compatibel formaat voor het tonen van namen in volledige vorm"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -95,66 +95,66 @@ msgstr ""
"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet "
"opslaan."
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr "Domein toe te voegen aan namen zonder een domein component."
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Enumeratie cache timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Entry cache achtergrond update timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Negatieve cache timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Gebruikers die SSSD expliciet dient te negeren"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Groepen die SSSD expliciet dient te negeren"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Dienen gefilterde gebruikers zichtbaar te zijn in groepen"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "De waarde van het wachtwoordveld die de NSS aanbieder terug moet geven"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Overschrijf homedir waarde van de identiteit aanbieder met deze waarde "
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Vervang lege persoonlijke map waarde van de eindentiteitsaanbieder met deze "
"waarde"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr "Overschrijf shell waarde van identiteit provider met deze waarde"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr "De lijst van shells waarmee ingelogd kan worden"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"De lijst van shells die verboden zijn, en vervangen door de fallback shell"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -162,23 +162,23 @@ msgstr ""
"Als een shell opgeslagen in de centrale map toegestaan is, maar niet "
"beschikbaar, gebruik dan deze"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr "Te gebruiken shell als de aanbieder er geen aangeeft "
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr "Hoe lang zullen cache records in het geheugen geldig blijven"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr "Hoe lang zijn cached logins toegestaan tussen online logins (in dagen)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hoe veel mislukte inlogpogingen zijn toegestaan in offline-modus"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -186,34 +186,34 @@ msgstr ""
"Hoe lang (in minuten) logins weigeren nadat offline_failed_login_attempts is "
"bereikt"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Welke boodschappen worden aan de gebruiker getoond tijdens authenticatie"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Hoeveel seconden moet de identiteit informatie in cache opgeslagen worden "
"voor PAN aanvragen"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Hoeveel dagen voor het verlopen van het wachtwoord moet een waarschuwing "
"getoond worden"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Of de tijd-gebaseerde attributen in sudo regels moeten worden geëvalueerd"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Moeten host namen en adressen gehashd worden in het known_hosts bestand"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -221,188 +221,204 @@ msgstr ""
"Hoeveel seconden moet een host in het known_hosts bestand blijven nadat de "
"host sleutels ervan werden aangevraagd"
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Lijst met UID's of gebruikersnamen waarvoor toegang tot de PAC responder "
"toegestaan is"
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+#, fuzzy
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+"Lijst met UID's of gebruikersnamen waarvoor toegang tot de PAC responder "
+"toegestaan is"
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Identiteitaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Authentiecatieaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Toegangscontroleaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Wachtwoordwijzigingsaanbieder"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "SUDO provider"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Autofs provider"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "Session-loading provider"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "Host identity provider"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Minimum gebruiker ID"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Maximum gebruiker ID"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Schakel enumeratie van alle gebruikers/groepen"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Cache inloggegevens voor offline gebruik"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Sla vingerafdrukken van wachtwoorden op"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Laat gebruikers/groepen in volledige vorm zien"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr "Neem groepsleden niet mee in groep zoekacties"
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Entry cache timeout duur (in seconden)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Beperk of geef de voorkeur aan een specifieke adresfamilie wanneer er DNS-"
"lookups uitgevoerd worden"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Hoe lang blijven gegevens opgeslagen na een succesvolle login (in dagen)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Hoe lang te wachten op antwoord van de DSN bij het opzoeken van servers (in "
"seconden)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "Het domeingedeelte van DNS queries die service discovery uitvoeren"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr "Overschrijf GID waarde van de identiteit aanbieder met deze waarde"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "Behandel gebruikersnamen als hoofdlettergevoelig"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr "Hoe vaak moeten verlopen ingangen op de achtergrond ververst worden"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr "Of de DNS ingang van de cliënt automatisch vernieuwd moet worden"
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
"De TTL die toegepast moet worden op de DNS ingang van de cliënt na het "
"vernieuwen hiervan"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken "
"van de DNS"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr "Hoe vaak de DNS ingang van de client periodiek vernieuwd moet worden"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr "Of de provider ook de PTR record expliciet moet vernieuwen"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Of het nsupdate hulpprogramma standaard TCP moet gebruiken"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Welke soort authenticatie moet gebruikt worden om de DNS vernieuwing uit te "
"voeren"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+#, fuzzy
+msgid "How often should subdomains list be refreshed"
+msgstr "Hoe vaak moeten verlopen ingangen op de achtergrond ververst worden"
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA-domein"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA-serveradres"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "Adres van back-up IPA server"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA-clienthostname"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in "
"FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "Zoek basis voor HBAC gerelateerde objecten"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
@@ -410,248 +426,261 @@ msgstr ""
"De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de "
"IPA server"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Als DENY regels aanwezig zijn, dat DENY_ALL of IGNORE"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Als dit op false ingesteld is, wordt het host argument gegeven door PAM "
"genegeerd"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr "De automounter locatie die door deze IPA client wordt gebruikt"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr "Zoek in base voor object die info over IPA domein bevat "
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr "Zoek in base voor objecten die info over ID bereiken bevat"
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr "Zet DNS sites aan - locatie gebaseerde service ontdekking"
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr "Active Directory domein"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr "Active Directory server adres"
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr "Active Directory back-up server adres"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr "Active Directory cliënt hostnaam"
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "LDAP-filter om toegangsprivileges mee te bepalen"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos-serveradres"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr "Kerberos back-up server adres"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberos-rijk"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Authenticatie timeout"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr "Moeten kdcinfo bestanden aangemaakt worden"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Werkmap waar authenticatiegegevens opgeslagen worden"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Locatie van de authenticatiecache van de gebruiker"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Locatie van de keytab om authenticatiegegevens te valideren"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Schakel authenticatiegegevensvalidatie in"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
"Sla het wachtwoord op indien offline voor later gebruik bij online "
"authenticatie"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "Vernieuwbare levensduur van de TGT"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "Levensduur van de TGT"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "Tijd tussen twee checks voor vernieuwing"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Zet FAST aan"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST "
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "Zet hoofdpersoon sanctioneren aan"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr "Zet enterprise principals aan"
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, de URI van de LDAP server"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, De URI van de LDAP server"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "De standaard base DN"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "De standaard bind DN"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Het type authenticatietoken van de standaard bind DN"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Het authenticatietoken van de standaard bind DN"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Hoe lang pogen te verbinden"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Hoe lang proberen synchroon LDAP te benaderen"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens "
"offline zijn"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "Gebruik alleen hoofdletters voor gebiedsnamen"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Bestand dat de bekende CA-certificaten bevat"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Pad naar de CA-certificatenmap"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "Bestand dat het client certificaat bevat"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "Bestand dat de client sleutel bevat"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Lijst van mogelijke sleutel suites"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Vereis verificatie van het TLS-certificaat"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "Specificeer het te gebruiken sasl autorisatiegebied "
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Kerberos service keytab"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Volg LDAP-doorverwijzingen"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Levensduur van TGT voor LDAP-connectie"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Hoe moet de alias referentie verwijderd worden"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "Service naam voor DNS service opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
"Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Het aantal leden van moet ontbreken om een volledige de-referentie te "
"veroorzaken"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -659,354 +688,358 @@ msgstr ""
"Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te "
"autoriseren tijdens een SASL binding"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "entryUSN attribuut"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "lastUSN attribuut"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het "
"losgekoppeld wordt"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "Het LDAP paging besturingselement uitschakelen"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr "Zet Active Directory bereik opvragen uit"
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Tijd om te wachten op een zoekopdracht"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "Tijdsduur te wachten voor een opsommingsverzoek"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Tijd om te wachten tussen enumeratie-updates"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "Tijdsduur tussen cache opschoningen"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Vereis TLS voor het opzoeken van ID's"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Base DN voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Scope voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filter voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objectclass voor gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Username-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "UID-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Primair GID-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "GECOS-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Gebruikersmap-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Shell-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "UUID-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "objectSID attribuut"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Active Directory primaire groep attribuut voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Userprincipal-attribuut (voor Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Volledige naam"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "memberOf-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Modification time-attribuut"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "shadowLastChange attribuut"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "shadowMin attribuut"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "shadowMax attribuut"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "shadowWarning attribuut"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "shadowInactive attribuut"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "shadowExpire attribuut"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "shadowFlag attribuut"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "Attribuut voor tonen van geautoriseerde PAM services"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "Attribuut dat geautoriseerde server hosts toont"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange attribuut"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration attribuut"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "accountExpires attribuut van AD"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "userAccountControl attribuut van AD"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "nsAccountLock attribuut"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled attribuut van NDS"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime attribuut van NDS"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap attribuut van NDS"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "SSH publieke sleutel attribuut"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "Basis DN voor groep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "Objectklasse voor groepen"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Groepsnaam"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Groep wachtwoord"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "GID attribuut"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "Groep deelnemer attribuut"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Groep UUID attribuut"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "Verandertijd attribuut voor groepen"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "Maximale nest niveau dat SSSd zal volgen"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "Basis DN voor netgroep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "Objectklasse voor netgroepen"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "Netgroep naam"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "Netgroep leden attribuut"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "Netgroep triple attibuut"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "Netgroep UUID attibuut"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "Verandertijd attribuut voor netgroepen"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "Basis DN voor service lookups"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "Objectclass voor services"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "Service naam attribuut"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "Service port attribuut"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "Service protocol attribuut"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr "Ondergrens voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr "Bovengrens voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Aantal ID's voor elk segment bij ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr "Naam van het standaard domein voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr "SID van het standaard domein voor ID-mapping"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor groep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "Gebruik LDAP_MATCHING_RULE_IN_CHAIN voor initgroep opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server"
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Policy om wacthwoordverloop mee te evalueren"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "LDAP-filter om toegangsprivileges mee te bepalen"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Welke attributen worden gebruikt voor evaluatie als het account verlopen is"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
"URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
"URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr "DNS service naam voor LDAP wachtwoord verander server"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1014,23 +1047,23 @@ msgstr ""
"Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een "
"wachtwoordwijziging"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "Basis DN voor sudo regels lookups"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr "Automatische volledige ververs periode"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr "Automatische slimme ververs periode"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1038,156 +1071,156 @@ msgstr ""
"Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor "
"het filteren van sudo regels"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo "
"regels"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Moeten regels toegevoegd worden die netgroep bevatten in host attribuut "
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Moeten regels toegevoegd worden die regulaire expressie bevatten in host "
"attribuut "
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "Objectklasse voor sudo regels"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "Sudo regelnaam"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "Sudo regel opdracht attribuut"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "Sudo regel host attribuut"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "Sudo regel gebruiker attribuut"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "Sudo regel optie attribuut"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr "Sudo regel runasuser attribuut"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "Sudo regel runasgroup attribuut"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "Sudo regel notbefore attribuut"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "Sudo regel notafter attribuut"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "Sudo regel volgorde attribuut"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "Object class voor automounter maps"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "Automounter map naam attribuut"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "Objectklasse voor automounter map ingaven"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "Automounter map sleutel ingave attribuut"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "Automounter map ingavewaarde attribuut"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "Basis DN voor automounter kaart opzoeken"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Kommagescheiden lijst van toegestane gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Kommagescheiden lijst van geweigerde gebruikers"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Standaard shell, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Basis voor gebruikersmappen"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "De naam van de NSS-bibliotheek die gebruikt wordt"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden "
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "PAM-stack die gebruikt wordt"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Start in de achtergrond (standaard)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Start interactief (standaard)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Geef een niet-standaard configuratiebestand op"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Print versie nummer en sluit af"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Debug niveau"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Voeg tijdstempels toe aan debugberichten"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Toon tijdstempel met microseconden"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Een geopend bestand voor de debug logs"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Domein voor de informatie provider (verplicht)"
@@ -1216,75 +1249,81 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr "Onverwachtte fout bij het opzoeken van een omschrijving"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Wachtwoorden komen niet overeen"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Geauthenticeerd met gecachte inloggegevens."
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", uw wachtwoord verloopt op:"
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
"Je wachtwoord is verlopen. Je hebt nog slechts %1$d login(s) beschikbaar."
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Je wachtwoord zal verlopen in %1$d %2$s."
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "Inloggen wordt geweigerd tot:"
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Wijzigen van wachtwoord mislukt."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Serverbericht:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nieuw Wachtwoord: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Voer nieuw wachtwoord nogmaals in: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Wachtwoord: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Huidig wachtwoord:"
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Het debugniveau waarmee gestart wordt"
@@ -1293,11 +1332,11 @@ msgstr "Het debugniveau waarmee gestart wordt"
msgid "The SSSD domain to use"
msgstr "Hrt te gebruiken SSSD domein"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Fout bij het zetten van de locale\n"
@@ -1365,94 +1404,94 @@ msgstr "Geef een alternatieve voorbeeldmap"
msgid "The SELinux user for user's login"
msgstr "De SELinux-gebruiker voor de login van de gebruiker"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Geef group op om toe te voegen\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Geef gebruiker op om toe te voegen\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Fout bij de initialisatie van de tools - geen lokaal domein\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Fout bij de initialisatie van de tools - geen lokaal domein\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Fout bij de initialisatie van de tools\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Verkeerd domein gespecificeerd in de FQDN\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Interne fout bij het verwerken van de parameters\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
"De groepen moeten zich in het zelfde domein als de gebruiker bevinden\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
"Kan groep %1$s niet in lokale domein vinden\n"
"\n"
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Kan de standaardwaarden niet zetten\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "De geselecteerde UID valt buiten het toegestane bereik\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Kan de SELinux login context niet zetten\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Kan geen informatie ophalen over de gebruiker\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr "De gebruikersmap bestaat reeds, voorbeeldmap niet gekopieerd\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr "Kan persoonlijk map voor gebruiker niet aanmaken: %1$s\n"
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr "Kan mail spool voor gebruiker niet aanmaken: %1$s\n"
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Kan geen ID vinden voor de gebruiker - zit het domein vol?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Een gebruiker of groep met een zelfde naam of ID bestaat reeds\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Transactiefout. Kan de gebruiker niet toevoegen\n"
@@ -1460,45 +1499,45 @@ msgstr "Transactiefout. Kan de gebruiker niet toevoegen\n"
msgid "The GID of the group"
msgstr "De GID van de groep"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Geef groep op om toe te voegen\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "De geselecteerde GID valt buiten het toegestane bereik\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Kan geen ID vinden voor de groep - zit het domein vol?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Een groep met een zelfde naam of GID bestaat reeds\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Transactiefout. Kan de groep niet toevoegen\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Geef groep op om te verwijderen\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr "Groep %1$s ligt buiten het gedefinieerde ID gebied voor domein\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
"NSS verzoek mislukte (%1$d). Ingang blijft misschien in de geheugencache.\n"
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1506,7 +1545,7 @@ msgstr ""
"Groep niet gevonden in lokaal domein. Verwijderen van groepen is alleen "
"toegestaan in lokaal domein.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Interne fout. Kan de groep niet verwijden.\n"
@@ -1518,15 +1557,15 @@ msgstr "Groepen waar deze groep aan toe te voegen"
msgid "Groups to remove this group from"
msgstr "Groepen om deze groep uit te verwijderen"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "Specificeer de groep waaruit verwijderd moet worden\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Specificeer de groep die aangepast moet worden\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1534,14 +1573,14 @@ msgstr ""
"Groep niet gevonden in lokaal domein, aanpassen van groepen is alleen "
"toegestaan in lokaal domein.\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"Lidmaatschappen moeten in het zelfde domein vallen als de daarboven liggende "
"groep\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
@@ -1550,41 +1589,41 @@ msgstr ""
"Kan groep %1$s niet in lokale domein vinden, alleen groepen in lokale domein "
"zijn toegestaan\n"
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Kan de groep niet aanpassen - controleer of de namen van de lidmaatschappen "
"correct zijn\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Kan de groep niet aanpassen - controleer of de naam van de groep correct is\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Transactiefout. Kan de groep niet aanpassen.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$sGroep: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Magic Private "
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$sGID nummer: %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr "%1$sLid gebruikers: "
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
@@ -1593,7 +1632,7 @@ msgstr ""
"\n"
"%1$sIs lid van: "
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
@@ -1602,15 +1641,15 @@ msgstr ""
"\n"
"%1$sLid groepen: "
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Geef indirecte groepslidmaatschappen recursief weer"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Specificeer de te tonen groep\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1618,7 +1657,7 @@ msgstr ""
"Groep bestaat niet in het lokale domein. Weergave van groepen is alleen "
"toegestaan in het lokale domein.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Interne fout. Kan de groep niet weergeven.\n"
@@ -1640,57 +1679,57 @@ msgid "Kill users' processes before removing him"
msgstr ""
"Kill de processen van de gebruiker voordat de gebruiker verwijderd wordt"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Specificeer de te verwijderen gebruiker\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr "Gebruiker %1$s ligt buiten het gedefinieerde ID bereik voor domein\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "Kan de SELinux logincontext niet herstellen\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
"WAARSCHUWING: De gebruiker (uid %1$lu) was nog ingelogd bij het "
"verwijderen.\n"
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr "Kan niet bepalen of de gebruiker was ingelogd op dit platform"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Fout bij het controleren of de gebruiker was ingelogd\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr "Het post-verwijder commando mislukte: %1$s\n"
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
"De gebruikersmap wordt niet verwijderd - de gebruiker is geen eigenaar\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr "Kan persoonlijke map niet verwijderen: %1$s\n"
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Gebruiker bestaat niet in het lokale domein. Het verwijderen van gebruikers "
"is alleen in het lokale domein toegestaan.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Interne fout. Kan de gebruiker niet verwijderen.\n"
@@ -1714,11 +1753,11 @@ msgstr "Bevries het account"
msgid "Unlock the account"
msgstr "Heractiveer het account"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Geef de gebruiker op die aangepast moet worden\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1726,89 +1765,89 @@ msgstr ""
"Kan de gebruiker niet vinden in het lokale domein, het aanpassen van "
"gebruikers is alleen toegestaan in het lokale domein\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Kan de gebruiker niet aanpassen - controleer of de groepsnamen correct zijn\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"Kan de gebruiker niet aanpassen - is de gebruiker reeds lid van de groepen?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Transactiefout. Kan de gebruiker niet aanpassen.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
"Geen enkel cache object komt overeen met de gespecificeerde zoekopdracht\n"
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr "Kon %1$s niet ongeldig maken"
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr "Kon %1$s %2$s niet ongeldig maken"
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
#, fuzzy
msgid "Invalidate all cached entries except for sudo rules"
msgstr "Maak in de cache alle ingangen, behalve sudo regels, ongeldig"
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Maak bepaalde gebruiker ongeldig"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Maak alle gebruikers ongeldig"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "Maak bepaalde groep ongeldig"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "Maak alle groepen ongeldig"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr "Maak bepaalde netgroep ongeldig"
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr "Maak alle netgroepen ongeldig"
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "Maak bepaalde service ongeldig "
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "Maak alle services ongeldig"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr "Maak bepaalde autofs map ongeldig"
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr "Maak alle autofs mappen ongeldig"
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr "Maak alleen ingangen van een bepaald domein ongeldig"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr "Selecteer tenminste een object om ongeldig te maken\n"
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -1818,7 +1857,7 @@ msgstr ""
"is, gebruik dan de volledig gekwalificeerde naam in plaats van --domain/-d "
"parameter.\n"
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr "Kon beschikbare domeinen niet openen\n"
@@ -1834,12 +1873,12 @@ msgstr "Specificeer het debug niveau dat je wilt instellen\n"
msgid "Only one argument expected\n"
msgstr "Er wordt slechts een argument verwacht\n"
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Naam '%1$s' lijkt geen FQDN ('%2$s = TRUE' is ingesteld) te zijn\n"
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Het geheugen zit vol\n"
@@ -1848,6 +1887,6 @@ msgstr "Het geheugen zit vol\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s moet als root uitgevoerd worden\n"
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Stuur de debuguitvoer naar bestanden in plaats van stderr"
diff --git a/po/pl.po b/po/pl.po
index 7ee1fe402..8efa40e38 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 17:40+0000\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
"Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
@@ -20,72 +20,72 @@ msgstr ""
"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
"|| n%100>=20) ? 1 : 2);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Ustawia liczbę komunikatów dziennika debugowania"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Dołącza daty w dziennikach debugowania"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr "Dołączanie mikrosekund w datach w dziennikach debugowania"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Zapisuje komunikaty debugowania do plików dziennika"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Czas oczekiwania na ping przed ponownym uruchomieniem usługi"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Czas oczekiwania między trzema sprawdzeniami ping i wymuszeniem zakończenia "
"usługi"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Polecenie do uruchomienia usługi"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Liczba prób połączenia do dostawców danych"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
"Liczba deskryptorów plików, które mogą być otwarte przez ten program "
"odpowiadający"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr "Czas bezczynności przed automatycznym rozłączeniem klienta"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Usługi SSSD do uruchomienia"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Domeny SSSD do uruchomienia"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Czas oczekiwania na komunikaty wysyłane przez SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Wyrażenie regularne do przetworzenia nazwy użytkownika i domeny"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format zgodny z printf do wyświetlania pełnych nazw"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -93,63 +93,63 @@ msgstr ""
"Katalog w systemie plików, w którym SSSD powinno przechowywać pliki pamięci "
"podręcznej odtwarzania Kerberosa."
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr "Domeny do dodania do nazw bez składnika domeny."
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Czas oczekiwania pamięci podręcznej wyliczania (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Użytkownicy, którzy powinni być bezpośrednio ignorowani przez SSSD"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupy, które powinny być bezpośrednio ignorowane przez SSSD"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Czy filtrowani użytkownicy powinni pojawiać się w grupach"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Wartość pola hasła, jaką dostawca NSS powinien zwrócić"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr "Zastępuje wartość katalogu domowego z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Zastępuje pustą wartość katalogu domowego z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr "Zastępuje wartość powłoki od dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr "Lista powłok, za pomocą których użytkownicy mogą się logować"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Lista powłok, które zostaną zawetowane i zastąpione powłoką zastępczą"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -157,25 +157,25 @@ msgstr ""
"Jeśli powłoka przechowywana w katalogu centralnym jest dozwolona, ale nie "
"jest dostępna, to zostanie użyta ta powłoka zastępcza"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr "Powłoka do użycia, jeśli dostawca nie dostarcza żadnej"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr "Jak długo wpisy pamięci podręcznej in-memory są prawidłowe"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Jak długo umożliwiać logowania w pamięci podręcznej między logowaniami w "
"trybie online (dni)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Ile nieudanych prób zalogowania jest dozwolonych w trybie offline"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -183,463 +183,492 @@ msgstr ""
"Ile czasu (minut) nie pozwalać na zalogowanie po osiągnięciu "
"offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań "
"PAM"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr "Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Określa, czy szacować atrybuty oparte na czasie w regułach sudo"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr "Określa, czy mieszać nazwy komputerów i adresy w pliku known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
"Ile sekund przechowywać komputer w pliku known_hosts po zażądaniu jego kluczy"
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Lista UID lub nazw użytkowników mających dostęp do programu odpowiadającego "
"PAC"
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+#, fuzzy
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+"Lista UID lub nazw użytkowników mających dostęp do programu odpowiadającego "
+"PAC"
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Dostawca tożsamości"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Dostawca uwierzytelniania"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Dostawca kontroli dostępu"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Dostawca zmiany hasła"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "Dostawca SUDO"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Dostawca Autofs"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "Dostawca wczytywania sesji"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "Dostawca tożsamości komputera"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Minimalny identyfikator użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Maksymalny identyfikator użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Włącza wyliczanie wszystkich użytkowników/grup"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Przechowuje mieszanie haseł"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Wyświetla użytkowników/grupy w pełnej formie"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr "Bez dołączania członków grup w wyszukiwaniach grup"
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Czas oczekiwania pamięci podręcznej wpisów (sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania "
"wyszukiwań DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym "
"zalogowaniu (dni)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów "
"(sekundy)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "Część domeny zapytania DNS wykrywania usługi"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr "Zastępuje wartość GID z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "Rozróżnianie wielkości liter w nazwach użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr "Jak często odświeżać w tle wygasłe wpisy"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr "Czy automatycznie aktualizować wpis DNS klienta"
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "TTL do zastosowania do wpisu DNS klienta po jego zaktualizowaniu"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Interfejs, którego adres IP powinien być używany do dynamicznych "
"aktualizacji DNS"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr "Jak często okresowo aktualizować wpis DNS klienta"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr "Określa, czy dostawca powinien aktualizować także wpis PTR"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Określa, czy narzędzie nsupdate powinno domyślnie używać portu TCP"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Jakiego rodzaju uwierzytelnianie powinno być używane do wykonywania "
"aktualizacji DNS"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+#, fuzzy
+msgid "How often should subdomains list be refreshed"
+msgstr "Jak często odświeżać w tle wygasłe wpisy"
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Domena IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Adres serwera IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "Adres zapasowego serwera IPA"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Nazwa komputera klienta IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "Czas w sekundach między wyszukiwaniami map SELinuksa w serwerze IPA"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Jeśli reguły DENY są dostępne, to DENY_ALL lub IGNORE"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie "
"zignorowany"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr "Położenie automountera, którego używa ten klient IPA"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
"Podstawa wyszukiwania dla obiektów zawierających informacje o domenie IPA"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
"Podstawa wyszukiwania dla obiektów zawierających informacje o zakresach "
"identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr "Włącza witryny DNS - wykrywanie usług w oparciu o położenie"
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr "Domena Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr "Adres serwera Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr "Adres zapasowego serwera Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr "Nazwa komputera klienta Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "Filtr LDAP do określenia uprawnień dostępu"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Adres serwera Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr "Adres zapasowego serwera Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Obszar Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Czas oczekiwania na uwierzytelnienie"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr "Określa, czy tworzyć pliki kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
"Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Włącza sprawdzanie danych uwierzytelniających"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
"Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w "
"trybie online"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "Odnawialny czas trwania TGT"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "Czas trwania TGT"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "Czas między dwoma sprawdzaniami odnowy"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Włącza FAST"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "Wybiera naczelnika do użycia dla FAST"
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "Włącza ujednolicanie naczelnika"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr "Włącza naczelników enterprise"
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
"się w KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Domyślna podstawowa DN"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Domyślne DN dowiązania"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Token uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Czas do próby połączenia"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Czas do próby synchronicznych działań LDAP"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Czas między próbami ponownego połączenia w trybie offline"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "Użycie tylko małych znaków w nazwach obszarów"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Plik zawierający certyfikaty CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Ścieżka do katalogu certyfikatów CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "Plik zawierający certyfikat klienta"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "Plik zawierający klucz klienta"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Lista możliwych zestawów szyfrów"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Wymaga sprawdzenia certyfikatu TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Podaje używany mechanizm SASL"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Podaje używany identyfikator upoważnienia SASL"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "Podaje obszar upoważnienia SASL do użycia"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Tablica kluczy usługi Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Podąża za odsyłaniami LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Czas trwania TGT dla połączenia LDAP"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Jak wskazywać aliasy"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "Nazwa usługi do wyszukiwań usługi DNS"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr "Suma liczb, których musi brakować, aby wywołać pełne \"deref\""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -647,351 +676,355 @@ msgstr ""
"Określa, czy biblioteka LDAP powinna wykonywać odwrotne wyszukanie, aby "
"ujednolicić nazwę komputera podczas dowiązania SASL"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "Atrybut entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "Atrybut lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "Wyłącza kontrolę stronicowania LDAP"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr "Wyłącza pobieranie zakresu Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Czas oczekiwania na żądanie wyszukiwania"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "Czas oczekiwania na żądanie wyliczenia"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Czas między aktualizacjami wyliczania"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "Czas między czyszczeniem pamięci podręcznej"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
"Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych "
"identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Podstawowe DN dla wyszukiwania użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Zakres wyszukiwania użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filtruje wyszukiwania użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Klasa obiektów dla użytkowników"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Atrybut nazwy użytkownika"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Atrybut UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Pierwszy atrybut GID"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Atrybut GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Atrybut katalogu domowego"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Atrybut powłoki"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Atrybut UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "Atrybut objectSID"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Atrybut głównego użytkownika (dla Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Imię i nazwisko"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Atrybut memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Atrybut czasu modyfikacji"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "Atrybut shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "Atrybut shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "Atrybut shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "Atrybut shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "Atrybut shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "Atrybut shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "Atrybut shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "Atrybut krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "Atrybut krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "Atrybut userAccountControl AD"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "Atrybut nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "Atrybut loginDisabled NDS"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "Atrybut loginExpirationTime NDS"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Atrybut loginAllowedTimeMap NDS"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "Atrybut klucza publicznego SSH"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "Podstawowe DN dla wyszukiwania grup"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "Klasa obiektów dla grup"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Nazwa grupy"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Hasło grupy"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "Atrybut GID"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "Atrybut elementu grupy"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Atrybut UUID grupy"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "Atrybut czasu modyfikacji grup"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "Klasa obiektów dla grup sieciowych"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "Nazwa grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "Atrybut elementów grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "Potrójny atrybut grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "Atrybut UUID grupy sieciowej"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "Atrybut czasu modyfikacji grup sieciowych"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "Podstawowe DN do wyszukiwania usług"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "Klasa obiektów dla usług"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "Atrybut nazwy usługi"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "Atrybut portu usługi"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "Atrybut protokołu usługi"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr "Niższa granica dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr "Wyższa granica dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
"Liczba identyfikatorów dla każdego kawałka podczas mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr "SID domyślnej domeny dla mapowania identyfikatorów"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "Użycie LDAP_MATCHING_RULE_IN_CHAIN do wyszukiwania grup inicjacyjnych"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP"
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Polityka do oszacowania wygaszenia hasła"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "Filtr LDAP do określenia uprawnień dostępu"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -999,24 +1032,24 @@ msgstr ""
"Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie "
"hasła"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "Podstawowe DN dla wyszukiwań reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr "Okres między automatycznymi pełnymi odświeżeniami"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr "Okres między automatycznymi inteligentnymi odświeżeniami"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1024,157 +1057,157 @@ msgstr ""
"Nazwy komputerów i/lub pełne kwalifikowane nazwy domen tego komputera do "
"filtrowania reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie "
"komputera"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "Klasa obiektów dla reguł sudo"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "Nazwa reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "Atrybut polecenia reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "Atrybut komputera reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "Atrybut użytkownika reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "Atrybut opcji reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr "Atrybut runasuser reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "Atrybut runasgroup reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "Atrybut notbefore reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "Atrybut notafter reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "Atrybut kolejności reguły sudo"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "Klasa obiektów dla map automountera"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "Atrybut nazwy mapy automountera"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "Klasa obiektów dla wpisów map automountera"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "Atrybut klucza wpisu mapy automountera"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "Atrybut wartości wpisu mapy automountera"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "Podstawowe DN dla wyszukiwań map automountera"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Domyślna powłoka, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Podstawa katalogów domowych"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Nazwa używanej biblioteki NSS"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
"Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli "
"to możliwe"
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Używany stos PAM"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Uruchamia jako demon (domyślnie)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Uruchamia interaktywnie (nie jako demon)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Podaje niedomyślny plik konfiguracji"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Wyświetla numer wersji i kończy działanie"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Poziom debugowania"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Dodaje czasy debugowania"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Wyświetlanie dat z mikrosekundami"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Domena dostawcy informacji (wymagane)"
@@ -1202,74 +1235,80 @@ msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu."
msgid "Unexpected error while looking for an error description"
msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Hasła nie zgadzają się"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", hasło w pamięci podręcznej wygaśnie za: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "Hasło wygasło. Pozostało %1$d możliwych logowań."
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Hasło wygaśnie za %1$d %2$s."
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "Uwierzytelnianie jest zabronione do: "
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Zmiana hasła nie powiodła się. "
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Komunikat serwera: "
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nowe hasło: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Proszę ponownie podać nowe hasło: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Hasło: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Bieżące hasło: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Hasło wygasło. Proszę je zmienić teraz."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Poziom debugowania, z jakim uruchomić"
@@ -1278,11 +1317,11 @@ msgstr "Poziom debugowania, z jakim uruchomić"
msgid "The SSSD domain to use"
msgstr "Domena SSSD do użycia"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Błąd podczas ustawiania lokalizacji\n"
@@ -1350,95 +1389,95 @@ msgstr "Proszę podać alternatywny katalog szkieletu"
msgid "The SELinux user for user's login"
msgstr "Użytkownik SELinuksa dla loginu użytkownika"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Proszę podać grupę, do której dodać\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Proszę podać użytkownika do dodania\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Błąd podczas inicjowania narzędzi - brak lokalnej domeny\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Błąd podczas inicjowania narzędzi - brak lokalnej domeny\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Błąd podczas inicjowania narzędzi\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Podano nieprawidłową domenę w FQDN\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Wewnętrzny błąd podczas przetwarzania parametrów\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Grupy muszą być w tej samej domenie co użytkownik\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr "Nie można odnaleźć grupy %1$s w lokalnej domenie\n"
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Nie można ustawić domyślnych wartości\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "Wybrany UID jest spoza dozwolonego zakresu\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Nie można ustawić kontekstu loginu SELinuksa\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Nie można uzyskać informacji o użytkowniku\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Katalog domowy użytkownika już istnieje, dane z katalogu szkieletu nie "
"zostaną skopiowane\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr "Nie można utworzyć katalogu domowego użytkownika: %1$s\n"
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr "Nie można utworzyć buforu poczty użytkownika: %1$s\n"
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
"Nie można przydzielić identyfikatora użytkownikowi - czy domena jest pełna?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
"Użytkownik lub grupa o tej samej nazwie lub identyfikatorze już istnieje\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Błąd transakcji. Nie można dodać użytkownika.\n"
@@ -1446,45 +1485,45 @@ msgstr "Błąd transakcji. Nie można dodać użytkownika.\n"
msgid "The GID of the group"
msgstr "GID grupy"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Proszę podać grupę do dodania\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Wybrany GID jest spoza dozwolonego zakresu\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Nie można przydzielić identyfikatora grupie - czy domena jest pełna?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Grupa o tej samej nazwie lub GID już istnieje\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Błąd transakcji. Nie można dodać grupy.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Proszę podać grupę do usunięcia\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr "Grupa %1$s jest poza określonym zakresem identyfikatorów dla domeny\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
"Żądanie NSS się nie powiodło (%1$d). Wpis może zostać w pamięci podręcznej.\n"
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1492,7 +1531,7 @@ msgstr ""
"Nie ma takiej grupy w lokalnej domenie. Usuwanie grup jest dozwolone tylko w "
"lokalnej domenie.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Wewnętrzny błąd. Nie można usunąć grupy.\n"
@@ -1504,15 +1543,15 @@ msgstr "Grupy, do których dodać tę grupę"
msgid "Groups to remove this group from"
msgstr "Grupy, z których usunąć tę grupę"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "Proszę podać grupę, z której usunąć\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Proszę podać grupę do zmodyfikowania\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1520,12 +1559,12 @@ msgstr ""
"Nie można odnaleźć grupy w lokalnej domenie, modyfikowanie grup jest "
"dozwolone tylko w lokalnej domenie\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr "Członkowie grupy muszą być w tej samej domenie co grupa nadrzędna\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
@@ -1534,42 +1573,42 @@ msgstr ""
"Nie można odnaleźć grupy %1$s w lokalnej domenie, tylko grupy w lokalnej "
"domenie są dozwolone\n"
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Nie można zmodyfikować grupy - proszę sprawdzić, czy nazwy członków grupy są "
"poprawne\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Nie można zmodyfikować grupy - proszę sprawdzić, czy nazwa grupy jest "
"poprawna\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Błąd transakcji. Nie można zmodyfikować grupy.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$sGrupa: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Prywatne magic "
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$sNumer GID: %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr "%1$sUżytkownicy będący członkami: "
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
@@ -1578,7 +1617,7 @@ msgstr ""
"\n"
"%1$sJest członkiem: "
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
@@ -1587,15 +1626,15 @@ msgstr ""
"\n"
"%1$sGrupy będące członkami: "
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Rekursywnie drukuje niebezpośrednich członków grupy"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Proszę podać grupę do wyświetlenia\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1603,7 +1642,7 @@ msgstr ""
"Nie ma takiej grupy w lokalnej domenie. Drukowanie grup jest dozwolone tylko "
"w lokalnej domenie.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Wewnętrzny błąd. Nie można wydrukować grupy.\n"
@@ -1623,57 +1662,57 @@ msgstr "Wymusza usunięcie plików, których właścicielem nie jest użytkownik
msgid "Kill users' processes before removing him"
msgstr "Usuwa procesy użytkownika przed jego usunięciem"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Proszę podać użytkownika do usunięcia\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
"Użytkownik %1$s jest poza określonym zakresem identyfikatorów dla domeny\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "Nie można przywrócić kontekstu loginu SELinuksa\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
"OSTRZEŻENIE: użytkownik (UID %1$lu) był zalogowany podczas jego usunięcia.\n"
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr "Nie można określić, czy użytkownik był zalogowany na tej platformie"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Błąd podczas sprawdzania, czy użytkownik był zalogowany\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr "Polecenie po usunięciu nie powiodło się: %1$s\n"
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
"Katalog domowy nie zostanie usunięty - użytkownik nie jest właścicielem\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr "Nie można usunąć katalogu domowego: %1$s\n"
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Nie ma takiego użytkownika w lokalnej domenie. Usuwanie użytkowników jest "
"dozwolone tylko w lokalnej domenie.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Wewnętrzny błąd. Nie można usunąć użytkownika.\n"
@@ -1697,11 +1736,11 @@ msgstr "Zablokowanie konta"
msgid "Unlock the account"
msgstr "Odblokowanie konta"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Proszę podać użytkownika do zmodyfikowania\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1709,90 +1748,90 @@ msgstr ""
"Nie można odnaleźć użytkownika w lokalnej domenie, modyfikowanie "
"użytkowników jest dozwolone tylko w lokalnej domenie\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Nie można zmodyfikować użytkownika - proszę sprawdzić, czy nazwy grup są "
"poprawne\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"Nie można zmodyfikować użytkownika - czy użytkownik jest już członkiem "
"grup?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Błąd transakcji. Nie można zmodyfikować użytkownika.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr "Żaden obiekt pamięci podręcznej nie pasuje do podanego wyszukiwania\n"
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr "Nie można unieważnić %1$s"
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr "Nie można unieważnić %1$s %2$s"
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
#, fuzzy
msgid "Invalidate all cached entries except for sudo rules"
msgstr "Unieważnia wszystkie wpisy w pamięci podręcznej oprócz reguł sudo"
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Unieważnia podanego użytkownika"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Unieważnia wszystkich użytkowników"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "Unieważnia podaną grupę"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "Unieważnia wszystkie grupy"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr "Unieważnia podaną grupę sieciową"
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr "Unieważnia wszystkie grupy sieciowe"
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "Unieważnia podaną usługę"
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "Unieważnia wszystkie usługi"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr "Unieważnia podaną mapę autofs"
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr "Unieważnia wszystkie mapy autofs"
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr "Unieważnia wpisy tylko z podanej domeny"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr "Proszę wybrać co najmniej jeden obiekt do unieważnienia\n"
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -1802,7 +1841,7 @@ msgstr ""
"domeną), należy użyć w pełni kwalifikowanej nazwy zamiast parametru --"
"domain/-d.\n"
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr "Nie można otworzyć dostępnych domen\n"
@@ -1818,12 +1857,12 @@ msgstr "Podaje poziom debugowania do ustawienia\n"
msgid "Only one argument expected\n"
msgstr "Oczekiwano tylko jednego parametru\n"
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Nazwa \"%1$s\" nie jest FQDN (ustawione jest \"%2$s = TRUE\")\n"
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Brak pamięci\n"
@@ -1832,7 +1871,7 @@ msgstr "Brak pamięci\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s musi zostać uruchomione jako root\n"
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
"Wysyła wyjście debugowania do plików, zamiast do standardowego wyjścia błędów"
diff --git a/po/pt.po b/po/pt.po
index 9e94895de..648ef0d5a 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
@@ -17,154 +17,154 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Definir a verbosidade dos registos de depuração"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Incluir data e hora nos registos de depuração"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Gravar as mensagens de depuração em ficheiros de registo"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Foi excedido o tempo do ping antes de reiniciar o serviço"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Comando para iniciar serviço"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Número de vezes para tentar ligação aos Fornecedores de Dados"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Serviços SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Domínios SSSD a iniciar"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Limite de tempo para mensagens enviadas sobre SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Expressão regular para obter nome do utilizar e domínio"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Formato compatível com o printf para apresentar nomes completos"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Validade da cache de enumeração (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Validade da actualização da cache em segundo plano (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Validade da cache negativa (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Utilizadores que o SSSD devem explicitamente ignorar"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupos que o SSSD devem explicitamente ignorar"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Devem os utilizadores filtrados aparecer em grupos"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "O valor do campo da senha que o fornecedor NSS deve retornar"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
"online (dias)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Quantas tentativas falhadas de inicio de sessão são permitidas quando offline"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -172,961 +172,990 @@ msgstr ""
"Quanto tempo (minutos) para negar a sessão após "
"offline_failed_login_attempts ter sido atingido"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Fornecedor de identidade"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Fornecedor de autenticação"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Fornecedor de controle de acesso"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Fornecedor de Alteração de Senha"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "ID de utilizador mínimo"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "ID de utilizador máximo"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Permitir enumeração de todos os utilizadores/grupos"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Efectuar cache de credenciais para sessões em modo desligado"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Guardar hashes da senha"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Apresentar utilizadores/grupos na forma completa"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Validade da cache (segundos)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringir ou preferir famílias de endereços especificas quando efectua "
"consultas DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
"bem sucedidas (dias)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Domínio IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Endereço do servidor IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Nome da máquina do cliente IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Endereço do servidor Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Reino Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Tempo de expiração da autenticação"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Directório para armazenar as caches de credenciais"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Activar validação de credenciais"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Servidor onde está em execução o serviço de alteração de senha, se não "
"coincide com o KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, O URI do servidor LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "A base DN por omissão"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "O DN por omissão para a ligação"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "O tipo de token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "O token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Período de tempo para tentar ligação"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tempo de espera para tentar operações LDAP síncronas"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Caminho para o directório do certificado CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Obriga a verificação de certificados TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Especificar mecanismo sasl a utilizar"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Especifique o id sasl para utilizar na autorização"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Separador chave do serviço Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Seguir os referrals LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Requer TLS para consultas de ID"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Âmbito das pesquisas do utilizador"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Atributo GID primário"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Atributo da pasta pessoal"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal do utilizador (para Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Nome Completo"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Politica para avaliar a expiração da senha"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Lista de utilizadores autorizados separados por vírgulas"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Lista de utilizadores não autorizados separados por vírgulas"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Shell pré-definida, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Directório base para as pastas pessoais"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "O nome da biblioteca NSS a utilizar"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Stack PAM a utilizar"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Tornar-se num serviço (omissão)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Executar interactivamente (não como serviço)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Especificar um ficheiro de configuração não standard"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Nível de depuração"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Adicionar tempos na depuração"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Um descritor de ficheiro aberto para os registos de depuração"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Domínio do fornecedor de informação (obrigatório)"
@@ -1154,74 +1183,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Senhas não coincidem"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", a sua senha guardada em cache irá expirar em: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "O sistema está offline, a mudança de senha não é possível"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Alteração da senha falhou."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Mensagem do Servidor: "
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nova Senha: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Digite a senha novamente: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Senha: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Senha actual: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "A senha expirou. Altere a sua senha agora."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "O nível de depuração a utilizar durante a execução"
@@ -1230,11 +1265,11 @@ msgstr "O nível de depuração a utilizar durante a execução"
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Erro ao definir a configuração regional\n"
@@ -1302,92 +1337,92 @@ msgstr "Indique um directório skeleton alternativo"
msgid "The SELinux user for user's login"
msgstr "O utilizador SELinux para a sessão do utilizador"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Indique utilizador a adicionar\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Erro ao inicializar as ferramentas - não existe domínio local\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Erro ao inicializar as ferramentas - não existe domínio local\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Erro ao inicializar as ferramentas\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Domínio inválido especificado no FQDN\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Erro interno ao processar parâmetros\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Os grupos têm de pertencer ao mesmo domínio que o utilizador\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Incapaz de definir valores por omissão\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "O UID seleccionado está fora do intervalo permitido\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Não foi possível definir o contexto SELinux para a sessão\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Incapaz de obter informação acerca do utilizador\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"A pasta pessoal do utilizador já existe. Conteúdo skeldir não copiado\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Incapaz de alocar um ID para o utilizador - domínio cheio?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Já existe um utilizador ou grupo com o mesmo nome ou ID\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Erro na transacção. Não foi possível adicionar o utilizador.\n"
@@ -1395,44 +1430,44 @@ msgstr "Erro na transacção. Não foi possível adicionar o utilizador.\n"
msgid "The GID of the group"
msgstr "O GID do grupo"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Indique grupo a adicionar\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "O GID seleccionado está fora do intervalo permitido\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Incapaz de alocar um ID para o grupo - domínio cheio?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Já existe um grupo com o mesmo nome ou GID\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Erro de transacção. Não foi possível adicionar o grupo.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Especifique grupo a remover\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1440,7 +1475,7 @@ msgstr ""
"Grupo não existe no domínio local. Apenas é permitido remover grupos no "
"domínio local.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Erro interno. Incapaz de remover grupo.\n"
@@ -1452,15 +1487,15 @@ msgstr "Grupos para adicionar este grupo"
msgid "Groups to remove this group from"
msgstr "Grupos para remover este projecto"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Especifique grupo a modificar\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1468,75 +1503,75 @@ msgstr ""
"Grupo não foi encontrado no domínio local. Apenas é permitido modificar "
"grupos no domínio local\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr "Grupos membro têm de estar no mesmo domínio do grupo pai\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Incapaz de modificar grupo - verifique que o nome do grupo membro está "
"correcto\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Incapaz de modificar grupo - verifique que o nome do grupo está correcto\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Erro de transacção. Não foi possível modificar o grupo.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "\"Magic\" Privada"
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Imprimir membros de grupos indirectos recursivamente"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Especifique grupo a apresentar\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1544,7 +1579,7 @@ msgstr ""
"Grupo não existe no domínio local. Grupos de impressão apenas permitidos no "
"domínio local.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Erro interno. Incapaz de imprimir grupo.\n"
@@ -1564,56 +1599,56 @@ msgstr "Forçar a remoção de ficheiros não pertencentes ao utilizador"
msgid "Kill users' processes before removing him"
msgstr "Mate os processos do utilizador antes de o remover"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Especificar o utilizador a remover\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "Não foi possível redefinir o contexto SELinux para a sessão\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
"Não foi possível determinar se o utilizador estava autenticado nesta "
"plataforma"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Erro ao verificar se o utilizador estava autenticado\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "Pasta pessoal não removida - não pertence ao utilizador\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Utilizador não existe no domínio local. Apenas é permitido remover "
"utilizadores no domínio local.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Erro interno. Incapaz de remover utilizador.\n"
@@ -1637,11 +1672,11 @@ msgstr "Desactivar Conta"
msgid "Unlock the account"
msgstr "Activar a Conta"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Especifique utilizador a modificar\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1649,94 +1684,94 @@ msgstr ""
"Utilizador não foi encontrado no domínio local. Apenas é permitido modificar "
"utilizadores no domínio local\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Incapaz de modificar utilizador - verifique se o nome do grupo está "
"correcto\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr "Incapaz de modificar utilizador - utilizador já é membro de grupos?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Erro na transacção. Não foi possível modificar o utilizador.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1752,12 +1787,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Memória esgotada\n"
@@ -1766,6 +1801,6 @@ msgstr "Memória esgotada\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Enviar o resultado de depuração para ficheiro em vez do stderr"
diff --git a/po/ru.po b/po/ru.po
index ce8f3f8ac..424c99b6a 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
@@ -19,153 +19,153 @@ msgstr ""
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Установить подробность журнала отладки"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Добавить отметки времени в журнал отладки"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Записывать отладочные сообщения в файлы журнала"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Тайм-аут ping до перезапуска службы"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Команда для запуска службы"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Количество попыток подключения к поставщикам данных"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Запускаемые службы SSSD"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Запускаемые домены SSSD"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Тайм-аут для сообщений, отправленных через SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Регулярное выражение для разбора имени пользователя и домена"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Отображать полные имена в формате, совместимом с printf"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Длина тайм-аута кэша перечисления (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Тайм-аут фонового обновления элемента списка кэша (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Отрицательная длина тайм-аута кэша (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Пользователи, которых SSSD должен явно игнорировать "
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Группы, которые SSSD должен явно игнорировать "
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Должны ли отфильтрованные пользователи появляться в группах"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Значение поля пароля, которое должен вернуть поставщик NSS"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Разрешённый интервал кэшированных входов между интерактивными входами (в "
"днях)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Разрешённое количество неудачных попыток неинтерактивного входа"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -173,962 +173,991 @@ msgstr ""
"Временной интервал (в минутах), в течение которого будет запрещён вход после "
"достижения offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Поставщик данных для идентификации"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Поставщик данных для проверки подлинности"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Поставщик данных для контроля доступа"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Поставщик операции смены пароля"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Минимальный ID пользователя"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Максимальный ID пользователя"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Включить перечисление всех пользователей/групп"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Кэшировать учётные данные для неинтерактивного входа"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Хранить хеши паролей"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Отображать пользователей/группы в полной форме"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Тайм-аут элемента списка кэша (в секундах)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Ограничивать или предпочитать определённое семейство адресов при выполнении "
"запросов DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Как долго хранить кэшированные элементы списка после последнего успешного "
"входа (в днях)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Время ожидания ответа DNS при преобразовании имён серверов (секунд)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "Доменная часть DNS-запроса поиска служб"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Интерфейс, адрес которого будет использован для обновления DNS"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA-домен"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "адрес сервера IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "имя узла клиента IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Если требуется автоматическое обновление записи в"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "Фильтр LDAP для определения прав доступа"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Имя сервера Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Область действия Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Тайм-аут проверки подлинности"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Каталог для хранения кэшей учётных данных"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Расположения кэша учётных данных пользователей"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Расположение keytab-файла для проверки учётных данных"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Включить проверку учётных данных"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
"При отсутствии соединения сохранить пароль и пройти аутентификацию позже"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI сервера LDAP "
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Base DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Bind DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Маркер проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Временной интервал для попытки соединения"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Временной интервал для попытки синхронизации операций LDAP"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Временной интервал между попытками возобновления соединения в автономного "
"режиме"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Файл содержащий сертификаты CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Путь к каталогу с сертификатами CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Требуется проверка сертификата TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Укажите механизм sasl"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Укажите идентификатор авторизации sasl"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Keytab-файл службы Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Следовать ссылкам LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Время жизни TGT для LDAP-соединений"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Требовать TLS для запросов ID"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Глубина поиска"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Атрибут «primary GID»"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Атрибут «GECOS»"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Атрибут домашнего каталога"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут участника-пользователя (для Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Полное имя"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Политика вычисления окончания срока действия пароля"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "Фильтр LDAP для определения прав доступа"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Разделённый запятыми список разрешённых пользователей"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Разделённый запятыми список запрещённых пользователей"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Оболочка по умолчанию, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Место для домашних каталогов"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Имя используемой библиотеки NSS"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Используемый стек PAM"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Запускаться в качестве службы (по умолчанию)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Запускаться интерактивно (не службой)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Указать файл конфигурации"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Уровень отладки"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Добавить отладочные отметки времени"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Открытый дескриптор файла для журналов отладки"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Домен поставщика информации (обязательный)"
@@ -1158,74 +1187,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Пароли не совпадают"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", срок действия вашего кэшированного пароль истечёт:"
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Система находится в автономном режиме, невозможно сменить пароль"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Не удалось сменить пароль."
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Сообщение сервера:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Новый пароль:"
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Введите новый пароль ещё раз:"
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Пароль:"
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Текущий пароль:"
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Уровень отладки для запуска"
@@ -1234,11 +1269,11 @@ msgstr "Уровень отладки для запуска"
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1306,93 +1341,93 @@ msgstr "Укажите альтернативный скелетный ката
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Укажите добавляемого пользователя\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Ошибка инициализации инструментов - не найден локальный домен\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Ошибка инициализации инструментов - не найден локальный домен\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Ошибка инициализации инструментов\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "В FQDN указан неверный домен\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "При разборе параметров возникла внутренняя ошибка\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Группы должны быть в том же домене, что и пользователь\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Не удалось установить значения по умолчанию\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "Выбранный UID находится за пределами доступного диапазона\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Не удалось получить информацию о пользователе\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Домашний каталог пользователя уже существует, копирования данных из "
"скелетной директории выполнено не будет\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Для пользователя не удалось выделить ID - домен заполнен?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "Пользователь или группа с таким именем или ID уже существует\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Ошибка в транзакции. Невозможно добавить пользователя.\n"
@@ -1400,44 +1435,44 @@ msgstr "Ошибка в транзакции. Невозможно добави
msgid "The GID of the group"
msgstr "GID группы"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Укажите группу для добавления\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Выбранный GID находится вне разрешённого диапазона\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Не удалось выделить ID для группы - домен заполнен?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Группа с таким же именем или GID уже существует\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Ошибка в транзакции. Не удалось добавить группу.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Укажите группу для удаления\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1445,7 +1480,7 @@ msgstr ""
"В локальном домене такой группы нет. Удаление групп разрешено только в "
"локальном домене.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Внутренняя ошибка. Не удалось удалить группу.\n"
@@ -1457,15 +1492,15 @@ msgstr "Группы, к которым добавить эту группу"
msgid "Groups to remove this group from"
msgstr "Группы, из которых удалить эту группу"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Укажите группу для изменения\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1473,74 +1508,74 @@ msgstr ""
"Не удалось найти группу в локальном домене, изменение групп разрешено только "
"в локальном домене\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"Группы-участники должны быть в том же домене, что и родительская группа\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Не удалось изменить группу — проверьте правильность имён групп-участников\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr "Не удалось изменить группу — проверьте правильность имени группы\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Ошибка в транзакции. Не удалось изменить группу.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Magic Private"
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Рекурсивно выводить непрямых участников группы"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Укажите группу\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1548,7 +1583,7 @@ msgstr ""
"В локальном домене нет такой группы. Печать групп разрешена только в "
"локальном домене.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Внутренняя ошибка. Невозможно напечатать группу.\n"
@@ -1568,55 +1603,55 @@ msgstr "Принудительно удалять файлы, не принад
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Укажите пользователя для удаления\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
"Домашняя директория не удалена — пользователь не является её владельцем\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"В локальном домене нет такого пользователя. Удаление пользователей разрешено "
"только для локального домена.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Внутренняя ошибка. Не удалось удалить пользователя.\n"
@@ -1640,11 +1675,11 @@ msgstr "Заблокировать учётную запись"
msgid "Unlock the account"
msgstr "Разблокировать учётную запись"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Укажите пользователя для изменения\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1652,92 +1687,92 @@ msgstr ""
"Не удалось найти пользователя в локальном домене, изменение пользователей "
"разрешено только в локальном домене\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr "Не удалось изменить пользователя — проверьте правильность имён групп\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr "Не удалось изменить пользователя — он уже является членом групп?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Ошибка в транзакции. Не удалось изменить пользователя.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1753,12 +1788,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Недостаточно памяти\n"
@@ -1767,6 +1802,6 @@ msgstr "Недостаточно памяти\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Отправлять отладочные сообщения в файлы, а не в stderr"
diff --git a/po/sssd.pot b/po/sssd.pot
index e6d04f8f8..2502dd3a1 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,1105 +17,1134 @@ msgstr ""
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1143,74 +1172,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1219,11 +1254,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1291,91 +1326,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr ""
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1383,50 +1418,50 @@ msgstr ""
msgid "The GID of the group"
msgstr ""
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1438,92 +1473,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1543,52 +1578,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1612,102 +1647,102 @@ msgstr ""
msgid "Unlock the account"
msgstr ""
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1723,12 +1758,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1737,6 +1772,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/sv.po b/po/sv.po
index c929978c8..23bf383d2 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Swedish (http://www.transifex.com/projects/p/fedora/language/"
@@ -19,70 +19,70 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Ange pratsamhet för felsökningsloggning"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Inkludera tidsstämplar i felsökningsloggar"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr "Inkludera mikrosekunder i tidsstämplar i felsökningsloggar"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Skriv felmeddelanden till loggfiler"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Ping-tidsgräns före tjänst startas om"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Tidsgräns mellan tre misslyckade ping-kontroller och att framtvingat döda "
"tjänsten"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Kommando för att starta tjänst"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Antal gånger att försöka ansluta till dataleverantörer"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr "Antalet fildeskriptorer som får öppnas av denna svarare"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr "Inaktiv tid före en klient automatiskt kopplas ifrån"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "SSSD-tjänster att starta"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "SSSD-domäner att starta"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Tidsgräns för meddelanden skickade via SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Reguljäruttryck för att tolka användarnamn och domän"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-kompatibla format för att visa fullständigt kvalificerade namn"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -90,63 +90,63 @@ msgstr ""
"Katalog på filsystemet där SSSD skall lagra sparade återspolningsfiler från "
"Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr "Domän att lägga till till namn utan en domändel."
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Tidsgränslängd för uppräkningscache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Tidsgränslängd för negativ cache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Användare som SSSD uttryckligen skall bortse ifrån"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupper som SSSD uttryckligen skall bortse ifrån"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Skall filtrerade användare förekomma i grupper"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Värdet på lösenordfältet som NSS-leverantörer skall returnera"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr "Åsidosätt hemkatalogvärdet från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Ersätt ett tomt hemkatalogvärde från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr "Åsidosätt skalvärdet från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr "Listan på skal användare får lova att logga in med"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Listan på skal som kommer förbjudas, och ersättas med standardskalet"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -154,24 +154,24 @@ msgstr ""
"Om ett skal lagrat i en central katalog är tillåtet men inte tillgängligt, "
"använd detta alternativ"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr "Skal att använda om leverantören inte listar något"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr "Hur länge sparade poster i minnet är giltiga"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hur många misslyckade inloggningsförsök som tillåts i frånkopplat läge"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -179,28 +179,28 @@ msgstr ""
"Hur länge (minuter) som inloggning nekas efter att "
"frånkopplade_inloggningsförsök har nåtts"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Vilka slags meddelanden som visas för användaren under autenticering"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr "Hur många sekunder identitetsinformationen hålls sparad för PAM-frågor"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr "Hur många dagar före ett lösenord går ut en varning skall visas"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Om tidsbaserade attribut i sudo-regler skall beräknas"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
"Om värdnamn och adresser i known_hosts-filen skall göras till kontrollsummor"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -208,414 +208,440 @@ msgstr ""
"Hur många sekunder att behålla en värd i filen known_hosts efter att dess "
"värdnycklar begärdes"
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr "Lista över UID:er eller användarnamn som tillåts komma åt PAC-svararen"
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+#, fuzzy
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr "Lista över UID:er eller användarnamn som tillåts komma åt PAC-svararen"
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Identifiera leverantör"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Autentiseringsleverantör"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Leverantör av åtkomstkontroll"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Leverantör av lösenordsändringar"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "SUDO-leverantör"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Autofs-leverantör"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "Sessionsinläsningsleverantör"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "Värdidentiftetsleverantör"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Minsta användar-ID"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Största användar-ID"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Aktivera uppräkning av alla användare/grupper"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Cache-kreditiv för frånkopplad inloggning"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Lagra lösenords-kontrollsummor"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Visa användare/grupper i fullständigt kvalificerat format"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr "Inkludera inte gruppmedlemmar i gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Tidsgränslängd för postcache (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Begränsa eller föredra en specifik adressfamilj vid DNS-uppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Hur länge cachade poster skall behållas efter senaste lyckade inloggning "
"(dagar)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Hur länge man väntar på svar från DNS när servrar slås upp (sekunder)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "Domändelen av DNS-frågan för tjänstedetektering"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr "Åsidosätt GID-värdet från identitetsleverantören med detta värde"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "Behandla användarnamn som skiftlägeskänsliga"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr "TTL:en att använda för klientens DNS-post efter att ha uppdaterat den"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "Gränssnittet var IP skall användas för dynamiska DNS-uppdateringar"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA-domän"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA-serveradress"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "Adress till reserv-IPA-server"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA-klienvärdnamn"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "Om klientens DNS-post i FreeIPA automatiskt skall uppdateras"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "Sökbas för HBAC-relaterade objekt"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Tidsåtgången mellan uppslagningar av HBAC-reglerna mot IPA-servern"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
"Tiden i sekunder mellan uppslagningar av SELinux-mappningar mot IPA-servern"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Om det finns DENY-regler, antingen DENY_ALL eller IGNORE"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "Om satt till falskt kommer värdargument givna av PAM ignoreras"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr "Platsen för automatmonteraren denna IPA-klient använder"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr "Sökbas för objekt som innehåller information om IPA-domänen"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr "Sökbas för objekt som innehåller information om ID-intervall"
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr "Active Directory-domän"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr "Adress till Active Directory-server"
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr "Adress till Active Directory-reservserver"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr "Active Directory-klienvärdnamn"
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "LDAP-filter för att bestämma åtkomstprivilegier"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Adress till server för Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr "Adress till reservserver för Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Kerberosrike"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Autentiseringstidsgräns"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Katalog att lagra kreditiv-cachar i"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Plats för användarens kreditiv-cache"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Plats för nyckeltabellen för att validera kreditiv"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Aktivera validering av kreditiv"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "Förnybar livstid för TGT:n"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "Livstid för TGT:n"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "Tid mellan två kontroller av förnyelse"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Aktiverar FAST"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "Väljer huvudman att använda för FAST"
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "Aktivera kanonsisk form av huvudman"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Standard bas-DN"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Schematypen som används i LDAP-servern, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Standard bindnings-DN"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Typen på autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Tidslängd att försöka ansluta"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tidslängd att försök synkrona LDAP-operationer"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tidslängd mellan försök att återansluta vid frånkoppling"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "Använd endast versaler för namn på riken"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Sökväg till katalogen med CA-certifikat"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "Fil som innehåller klientcertifikatet"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "Fil som innehåller klientnyckeln"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Lista över möjliga chiffersviter"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Kräv TLS-certifikatverifiering"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Ange sasl-mekanismen att använda"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Ange sasl-auktorisering-id att använda"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "Ange sasl-auktoriseringsrike att använda"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Ange minsta SSF för LDAP-sasl-auktorisering"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Kerberostjänstens nyckeltabell"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Följer LDAP-hänvisningar"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Livslängd på TGT för LDAP-anslutning"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Hur alias skall derefereras"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "Tjänstenamn för uppslagning av DNS-tjänster"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -623,349 +649,353 @@ msgstr ""
"Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram "
"värdnamnets kanoniska form under en SASL-bindning"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "entryUSN-attribut"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "lastUSN-attribut"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "Avaktivera flödesstyrningen (paging) av LDAP"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "Tidslängd att vänta på en uppräkningsbegäran"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "Tidslängd mellan cache-tömningar"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Kräv TLS för ID-uppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr "Använd ID-översättning av objectSID istället för pre-set ID:n"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Omfång av användaruppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Primärt GID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "GECOS-attribut"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Hemkatalogattribut"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "objectSID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr "Primärt gruppattribut i Active Directory för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Användarens huvudmansattribut (för Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Fullständigt namn"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "attributet shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "shadowMin-attribut"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "shadowMax-attribut"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "shadowWarning-attribut"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "shadowInactive-attribut"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "shadowExpire-attribut"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "shadowFlag-attribut"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "Attribut för listning av auktoriserade PAM-tjänster"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "Attribut för listning av auktoriserade servervärdar"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "attributet krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration-attribut"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "AD:s attribut accountExpires"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "AD:s attribut userAccountControl"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "attributet nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "NDS attribut loginDisabled"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "NDS attribut loginExpirationTime"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "NDS attribut loginAllowedTimeMap"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "Attribut för publik SSH-nyckel"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "Bas-DN för gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "Objektklass för grupper"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Gruppnamn"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Grupplösenord"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "GID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "Gruppmedlemsattribut"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Grupp-UUID-attribut"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "Modifieringstidsattribut för grupper"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "Maximal nästningsnivå SSSd kommer följa"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "Bas-DN för nätgruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "Objektklass för nätgrupper"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "Nätgruppnamn"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "Attribut på nätgruppmedlemmar"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "Attribut på nätgruppstripplar"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "Attribut på nätgrupps-UUID"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "Modifieringstidsattribut för nätgrupper"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "Bas-DN för tjänsteuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "Objektklass för tjänster"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "Tjänstenamnsattribut"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "Tjänsteportsattribut"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "Tjänsteprotokollsattribut"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr "Undre gräns för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr "Övre gräns för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr "Antal ID:n till varje skiva vid ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr "Använd en autorid-kompatibel algoritm för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr "Standarddomänens namn för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr "Standarddomänens SID för ID-mappning"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Använd LDAP_MATCHING_RULE_IN_CHAIN för gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr "Använd LDAP_MATCHING_RULE_IN_CHAIN för init-gruppuppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Policy för att utvärdera utgång av lösenord"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "LDAP-filter för att bestämma åtkomstprivilegier"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -973,24 +1003,24 @@ msgstr ""
"Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en "
"ändring av lösenord"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "Bas-DN för regeluppslagningar"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr "Intervall mellan automatisk fullständig omläsning"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr "Intervall mellan automatisk smart omläsning"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -998,156 +1028,156 @@ msgstr ""
"Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för "
"att filtrera sudo-regler"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera "
"sudo-regler"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Huruvida regler som innehåller reguljära uttryck i värdattribut skall "
"inkluderas"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "Objektklass för sudo-regler"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "Sudo-regelnamn"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "Attribut för sudo-regelkommandon"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "Attribut för sudo-regelvärd"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "Attribut för sudo-regelanvändare"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "Attribut för sudo-regelflaggor"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr "Attribut för sudo-runasuser"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "Attribut på runasgroup i sudo-regel"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "Attribut för sudo-notbefore-regler"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "Attribut för sudo-notafter-regler"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "Attribut för sudo-order-regler"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "Objektklass för automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "Attribut för automatmonteraravbildningsnamn"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "Objektklass för poster i automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "Attribut för postnycklar i automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "Attribut på postvärde i avbildning för automatmonteraren"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "Bas-DN för uppslagningar i automatmonteraravbildningar"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Kommaseparerad lista över tillåtna användare"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Kommaseparerad lista över förbjudna användare"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Standardskal, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Bas för hemkataloger"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Namnet på NSS-biblioteket att använda"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt"
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "PAM-stack att använda"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Bli en demon (standard)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Kör interaktivt (inte en demon)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Ange en konfigurationsfil annan än standard"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Skriv ut versionsnumret och avsluta"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Felsökningsnivå"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Lägg till felsökningstidstämplar"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Visa tidsstämplar med mikrosekunder"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Ett öppet filhandtag för felsökningsloggarna"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Domän för informationsleverantören (obligatoriskt)"
@@ -1175,74 +1205,80 @@ msgstr "Ett fel uppstod, men ingen beskrivning kan hittas."
msgid "Unexpected error while looking for an error description"
msgstr "Oväntat fel vid sökning efter ett felmeddelande"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Lösenorden stämmer inte överens"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "Återställning av lösenord av root stöds inte."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Autentiserad med cachade kreditiv"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", ditt cache-lösenord kommer gå ut: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "Ditt lösenord har gått ut. Du har en frist på %1$d inloggningar kvar."
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s."
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "Autentisering nekas till: "
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Systemet är frånkopplat, ändring av lösenord är inte möjligt"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Lösenordsändringen misslyckades. "
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Servermeddelande: "
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Nytt lösenord: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Skriv det nya lösenordet igen: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Lösenord: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Nuvarande lösenord: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Lösenordet har gått ut. Ändra ditt lösenord nu."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Felsökningsnivån att köra med"
@@ -1251,11 +1287,11 @@ msgstr "Felsökningsnivån att köra med"
msgid "The SSSD domain to use"
msgstr "SSSD-domäner att använda"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Fel när lokalen sattes\n"
@@ -1323,93 +1359,93 @@ msgstr "Ange en alternativ skelettkatalog"
msgid "The SELinux user for user's login"
msgstr "SELinux-användaren för användarens inloggning"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Ange en grupp att lägga till till\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Ange en användare att lägga till\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Fel vid initiering av verktygen — ingen lokal domän\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Fel vid initiering av verktygen — ingen lokal domän\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Fel vid initiering av verktygen\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "Ogiltig domän angiven i FQDN\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Internt fel vid tolkning av parametrar\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Grupper måste finnas i samma domän som användaren\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr "Hittar inte gruppen %1$s i den lokala domänen\n"
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Kan inte sätta standardvärden\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "Den valda UID:n är utanför det tillåtna intervallet\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Kan inte sätta SELinux-inloggningskontext\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Kan inte få information om användaren\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Användarens hemkatalog finns redan, kopierar inte data från "
"skelettkatalogen\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr "Kan inte skapa användarens hemkatalog: %1$s\n"
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr "Kan inte skapa användarens brevlåda: %1$s\n"
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Det gick inte att allokera ID för användaren - full domän?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "En användare eller grupp med samma namn eller ID finns redan\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Transaktionsfel. Det gick inte att lägga till användaren.\n"
@@ -1417,45 +1453,45 @@ msgstr "Transaktionsfel. Det gick inte att lägga till användaren.\n"
msgid "The GID of the group"
msgstr "GID:t för gruppen"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Ange en grupp att lägga till\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Den valda GID:n är utanför det tillåtna intervallet\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Det gick inte att allokera ID för gruppen - full domän?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "En grupp med samma namn eller GID finns redan\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Transaktionsfel. Det gick inte att lägga till gruppen.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Ange grupp att ta bort\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr "Gruppen %1$s är utanför det definierade ID-intervallet för domänen\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
"NSS-begäran misslyckades (%1$d). Posten kan finnas kvar i en minnes-cache.\n"
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1463,7 +1499,7 @@ msgstr ""
"Ingen sådan grupp i den lokala domänen. Att ta bort grupper är endast "
"tillåtet i den lokala domänen.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Internt fel. Det gick inte att ta bort gruppen.\n"
@@ -1475,15 +1511,15 @@ msgstr "Grupper att lägga till denna grupp till"
msgid "Groups to remove this group from"
msgstr "Grupper att ta bort denna grupp från"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "Ange grupp att ta bort ifrån\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Ange grupp att ändra\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1491,12 +1527,12 @@ msgstr ""
"Ken inte hitta gruppen i den lokala domänen, att ändra grupper är endast "
"tillåtet i den lokala domänen\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr "Medlemsgrupper måster ligga i samma domän som föräldragrupper\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
@@ -1505,41 +1541,41 @@ msgstr ""
"Kan inte hitta grupp %1$s i den lokala domänen, endast grupper i den lokala "
"domänen är tillåtna\n"
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Det gick inte att ändra gruppen - kontrollera om medlemsgruppsnamnen är "
"riktiga\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Det gick inte att ändra gruppen - kontrollera om gruppnamnet är riktigt\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Transaktionsfel. Det gick inte att ändra gruppen.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$sGrupp: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Magiskt privat "
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$sGID-nummer: %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr "%1$sMedlemsanvändare: "
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
@@ -1548,7 +1584,7 @@ msgstr ""
"\n"
"%1$sÄr en medlem i: "
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
@@ -1557,15 +1593,15 @@ msgstr ""
"\n"
"%1$sMedlemsgrupper: "
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Skriv ut indirekta gruppmedlemmar rekursivt"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Ange en grupp att visa\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1573,7 +1609,7 @@ msgstr ""
"Ingen sådan grupp i den lokala domänen. Att skriva ut grupper är endast "
"tillåtet i den lokala domänen.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Internt fel. Det gick inte att skriva ut gruppen.\n"
@@ -1593,56 +1629,56 @@ msgstr "Framtvinga borttagning av filer som inte ägs av användaren"
msgid "Kill users' processes before removing him"
msgstr "Döda anvädares processer före de tas bort"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Ange användare att ta bort\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
"Användaren %1$s är utanför det definierade ID-intervallet för domänen\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "Kan inte återställa SELinux-inloggningskontext\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
"VARNING: Användaren (uid %1$lu) var fortfarande inloggad när han togs bort.\n"
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr "Det går inte att avgöra om användaren var inloggad på denna plattform"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Fel vid kontroll om användaren var inloggad\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr "Kommandot efter borttagandet misslyckades: %1$s\n"
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "Tar inte bort hemkatalogen - ägs inte av användaren\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr "Kan inte ta bort hemkatalogen: %1$s\n"
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"Ingen sådan användare i den lokala domänen. Det går endast att ta bort "
"användare i den lokala domänen.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Internt fel. Det gick inte att ta bort användaren.\n"
@@ -1666,11 +1702,11 @@ msgstr "Lås kontot"
msgid "Unlock the account"
msgstr "Lås upp kontot"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Ange användare att ändra\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1678,94 +1714,94 @@ msgstr ""
"Det gick inte att hitta användaren i den lokala domänen, det går bara att "
"ändra användare i den lokala domänen\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Det gick inte att ändra användaren - kontrollera att gruppnamnen är riktiga\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"Det gick inte att ändra användaren - är användaren redan medlem i grupper?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "Transaktionsfel. Det gick inte att ändra användaren.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr "Inga cache-objekt matchade den angivna sökningen\n"
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr "Kunde inte invalidera %1$s"
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr "Kunde inte invalidera %1$s %2$s"
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Invalidera en viss användare"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Invalidera alla användare"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "Invalidera en viss grupp"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "Invalidera alla grupper"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr "Invalidera en viss nätgrupp"
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr "Invalidera alla nätgrupper"
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "Invalidera en viss tjänst"
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "Invalidera alla tjänster"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr "Invalidera en viss autofs-mapp"
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr "Invalidera alla autofs-mappar"
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr "Invalidera endast poster från en viss domän"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr "Välj åtminstone ett objekt att invalidera\n"
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr "Kunde inte öppna tillgängliga domäner\n"
@@ -1781,14 +1817,14 @@ msgstr "Ange felsökningsnivån du vill ställa in\n"
msgid "Only one argument expected\n"
msgstr "Endast ett argument förväntades\n"
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
"Namnet ”%1$s” verkar inte vara ett fullt kvalificerad domännamn (”%2$s = "
"TRUE” är satt)\n"
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Slut på minne\n"
@@ -1797,6 +1833,6 @@ msgstr "Slut på minne\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s måste köras som root\n"
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Skicka felutskrifter till filer istället för standard fel"
diff --git a/po/tg.po b/po/tg.po
index f60d0ba9a..48e680f1f 100644
--- a/po/tg.po
+++ b/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/"
@@ -18,1105 +18,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Номи гурӯҳ"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Пароли гурӯҳ"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "Аттрибути GID"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1144,74 +1173,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Паролҳо номувофиқанд"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Пароли нав:"
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Парол:"
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1220,11 +1255,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1292,91 +1327,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr ""
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1384,50 +1419,50 @@ msgstr ""
msgid "The GID of the group"
msgstr ""
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1439,92 +1474,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1544,52 +1579,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1613,102 +1648,102 @@ msgstr "Ҳисобро қулф кунед"
msgid "Unlock the account"
msgstr "Ҳисобро кушоед"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1724,12 +1759,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Берун аз хотира\n"
@@ -1738,6 +1773,6 @@ msgstr "Берун аз хотира\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/tr.po b/po/tr.po
index 2ec978269..ff5968f30 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Turkish (http://www.transifex.com/projects/p/fedora/language/"
@@ -19,1105 +19,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Servis başlatma komutu"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "En az kullanıcı ID'si"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "En fazla kullanıcı ID'si"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA alanı"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos sunucu adresi"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1145,74 +1174,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1221,11 +1256,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1293,91 +1328,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr ""
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1385,50 +1420,50 @@ msgstr ""
msgid "The GID of the group"
msgstr ""
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1440,92 +1475,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1545,52 +1580,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1614,102 +1649,102 @@ msgstr ""
msgid "Unlock the account"
msgstr ""
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1725,12 +1760,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1739,6 +1774,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index 8d8894918..394be6839 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:40+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
@@ -21,71 +21,71 @@ msgstr ""
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "Встановити рівень докладності діагностичних записів журналу"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "Додати до діагностичних журналів позначки часу"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr "Включати мілісекунди до часових позначок у журналах"
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "Записувати діагностичні повідомлення до файлів журналу"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr "Час очікування відповіді на пінг перед перезапуском служби"
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
"Час очікуванням між трьома послідовними невдалими спробами перевірки луна-"
"імпульсом і примусовим завершенням роботи служби"
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "Команда запуску служби"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr "Кількість повторних спроб встановлення з’єднання з надавачами даних"
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr "Кількість дескрипторів файлів, які може бути відкрито цим відповідачем"
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
"Проміжок бездіяльності до автоматичного від’єднання клієнтської частини"
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "Служби SSSD, які слід запустити"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "Домени SSSD, які слід запустити"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr "Час очікування для повідомлень, надісланих за допомогою SBUS"
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "Формальний вираз для обробки імені користувача і домену"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Сумісний з printf формат показу повних назв"
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -93,66 +93,66 @@ msgstr ""
"Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення "
"Kerberos."
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr "Домен, який слід додати до назв без компонента домену."
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr "Тривалість часу очікування на дані кешу нумерування (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr "Час очікування на фонове оновлення кешу записів (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr "Від’ємний час очікування на дані з кешу (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "Користувачі, яких SSSD має явно ігнорувати"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "Групи користувачів, які SSSD має явно ігнорувати"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "Чи слід показувати відфільтрованих користувачів у групах"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr "Значення поля пароля, яке має повертати постачальник даних NSS"
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Замінити значення назви домашнього каталогу від надавача профілю цим "
"значенням"
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
"Замінювати порожні значення домашніх каталогів у засобі надання даних "
"профілів цим значенням"
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr "Замінити значення оболонки від надавача профілю цим значенням"
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr "Список оболонок, за допомогою яких можуть входити користувачі"
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Список оболонок, які буде заборонено і замінено резервною оболонкою"
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -160,25 +160,25 @@ msgstr ""
"Якщо оболонка, що зберігається у центральному каталозі дозволена, але "
"недоступна, використовувати цю резервну"
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr "Оболонка, яку слід використовувати, якщо засіб не надає жодної"
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr "Строк дії записів кешу у пам’яті"
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Тривалість зберігання кешованих реєстраційних даних між входами до системи "
"(у днях)"
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr "Макс. дозволена кількість помилкових спроб входу у автономному режимі"
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -186,33 +186,33 @@ msgstr ""
"Тривалість (у хвилинах) заборони входу після досягнення значення "
"offline_failed_login_attempts"
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Тип повідомлень, які буде показано користувачеві під час розпізнавання"
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для "
"запитів PAM"
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Визначає кількість днів між днем, коли має бути показано попередження, і "
"днем, коли завершиться строк дії пароля"
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Визначає, чи слід обробляти атрибути правил sudo, пов’язані з часовими "
"обмеженнями"
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr "Чи слід хешувати назви та адреси вузлів у файлі known_hosts"
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
@@ -220,436 +220,465 @@ msgstr ""
"Кількість секунд, протягом яких запису вузла зберігатиметься у файлі "
"known_hosts після надсилання запиту щодо ключів вузла"
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
"Список унікальних ідентифікаторів (UID) або імен користувачів, яким надано "
"доступ до відповідача PAC"
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+#, fuzzy
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+"Список унікальних ідентифікаторів (UID) або імен користувачів, яким надано "
+"доступ до відповідача PAC"
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "Служба профілів"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "Служба розпізнавання"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "Служба керування доступом"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "Служба зміни паролів"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr "Служба SUDO"
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr "Служба автоматизації файлових систем"
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr "Служба завантаження сеансів"
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr "Служба профілів вузлів"
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "Мін. ідентифікатор користувача"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "Макс. ідентифікатор користувача"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "Увімкнути нумерацію всіх користувачів/груп"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "Кешувати реєстраційні дані для автономного входу"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "Зберігати хеші паролів"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr "Показувати записи користувачів/груп повністю"
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr "Не включати учасників групи у пошуки групи"
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr "Тривалість кешування записів (у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Обмежити або надавати перевагу певному сімейству адрес під час виконання "
"пошуків DNS"
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Тривалість зберігання кешованих записів після останнього успішного входу (у "
"днях)"
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Тривалість очікування на відповідь від DNS під час визначення адрес серверів "
"(у секундах)"
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr "Частина запиту щодо виявлення служби DNS, пов’язана з доменом"
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
"Замінити значення ідентифікатора групи від надавача профілю цим значенням"
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr "Враховувати регістр у іменах користувачів"
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr "Наскільки часто має виконувати оновлення у тлі застарілих записів"
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr "Визначає, чи слід автоматично оновлювати запис DNS клієнта"
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
"TTL, який слід застосовувати до запису DNS клієнта після його оновлення"
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS"
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr "Визначає, наскільки часто слід періодично оновлювати запис DNS клієнта"
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
"Визначає, чи слід надавачу даних також явним чином оновлювати запис PTR"
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr "Визначає, чи слід програмі nsupdate типово використовувати TCP"
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
"Визначає тип розпізнавання, який слід використовувати для виконання "
"оновлення DNS"
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+#, fuzzy
+msgid "How often should subdomains list be refreshed"
+msgstr "Наскільки часто має виконувати оновлення у тлі застарілих записів"
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "Домен IPA"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "Адреса сервера IPA"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "Адреса резервного сервера IPA"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "Назва вузла клієнта IPA"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у "
"FreeIPA"
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA"
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr "Час, у секундах, між пошуками у картах SELinux на сервері IPA"
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Якщо вказано правила DENY, DENY_ALL або IGNORE"
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде "
"проігноровано"
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr "Адреса автоматичного монтування, яку використовує цей клієнт IPA"
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr "Шукати у базі об’єкт, що містить дані щодо домену IPA"
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr "Шукати у базі об’єкти, що містять дані щодо діапазонів ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr "Увімкнути сайти DNS — визначення служб на основі адрес"
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr "Домен Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr "Адреса сервера Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr "Адреса резервного сервера Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr "Назва клієнтського вузла Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr "Фільтр LDAP для визначення прав доступу"
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Адреса сервера Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr "Адреса резервного сервера Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr "Область Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "Час очікування на розпізнавання"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr "Визначає, чи слід створювати файли kdcinfo"
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "Адреса кешу реєстраційних даних користувача"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "Увімкнути перевірку реєстраційних даних"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr "Поновлюваний строк дії TGT"
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr "Строк дії TGT"
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr "Граничний час між двома перевірками для поновлення"
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr "Вмикає FAST"
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr "Визначає реєстраційний запис, який слід використовувати для FAST"
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr "Вмикає перетворення реєстраційних записів у канонічну форму"
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr "Увімкнути промислові реєстраційні дані"
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
"виявити у KDC"
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, адреса URI сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr "ldap_backup_uri, адреса сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr "Типова базова назва домену"
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr "Типова назва домену прив’язки"
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип розпізнавання для типової назви сервера прив’язки"
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr "Лексема розпізнавання типової назви сервера прив’язки"
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr "Проміжок часу між спробами встановлення з’єднання"
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Проміжок часу між повторними спробами встановлення з’єднання у автономному "
"режимі"
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr "Використовувати для назв областей лише великі літери"
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr "Файл, що містить сертифікати CA"
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr "Шлях до каталогу сертифікатів CA"
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr "Файл, що містить клієнтський сертифікат"
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr "Файл, що містить клієнтський ключ"
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr "Показати список можливих інструментів шифрування"
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "Потрібна перевірка сертифіката TLS"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "Вкажіть механізм SASL, який слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr "Вкажіть область уповноваження SASL, яку слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr "Таблиця ключів служби Kerberos"
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr "Розпізнавання Kerberos для з’єднання LDAP"
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr "Переходити за посиланнями LDAP"
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr "Строк дії TGT для з’єднання LDAP"
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr "Спосіб розіменування псевдонімів"
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr "Назва служби для пошуків за допомогою служби DNS"
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP"
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Кількість учасників, яких має не вистачати для вмикання повного скасування "
"посилань"
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -657,361 +686,365 @@ msgstr ""
"Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою "
"переведення назв вузлів у канонічну форму під час прив’язки до SASL"
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr "Атрибут entryUSN"
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr "Атрибут lastUSN"
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням"
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr "Вимкнути контроль сторінок у LDAP"
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr "Вимкнути отримання діапазонів Active Directory"
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "Тривалість очікування на дані запиту пошуку"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr "Тривалість очікування на дані запиту щодо переліку"
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr "Проміжок часу між оновленнями нумерації"
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr "Проміжок часу між спорожненнями кешу"
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr "Вимагати TLS для пошуків ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
"Використовувати відповідності ідентифікаторів objectSID замість попередньо "
"встановлених ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr "Базова назва домену для пошуків користувачів"
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr "Діапазон пошуків користувачів"
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr "Фільтр пошуку користувачів"
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr "Клас об’єктів для користувачів"
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr "Атрибут імені користувача"
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr "Атрибут UID"
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr "Головний атрибут GID"
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr "Атрибут GECOS"
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr "Атрибут домашнього каталогу"
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr "Атрибут оболонки"
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr "Атрибут UUID"
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr "Атрибут objectSID"
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
"Атрибут основної групи Active Directory для встановлення відповідності "
"ідентифікатора"
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "Повне ім'я"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr "Атрибут часу зміни"
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr "Атрибут shadowLastChange"
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr "Атрибут shadowMin"
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr "Атрибут shadowMax"
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr "Атрибут shadowWarning"
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr "Атрибут shadowInactive"
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr "Атрибут shadowExpire"
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr "Атрибут shadowFlag"
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr "Атрибути зі списком уповноважених служб PAM"
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr "Атрибути зі списком уповноважених серверних вузлів"
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr "Атрибут krbLastPwdChange"
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут krbPasswordExpiration"
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr "Атрибут userAccountControl AD"
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr "Атрибут nsAccountLock"
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr "Атрибут loginDisabled NDS"
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr "Атрибут loginExpirationTime NDS"
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Атрибут loginAllowedTimeMap NDS"
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr "Атрибут відкритого ключа SSH"
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr "Базова назва домену для пошуків груп"
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr "Клас об’єктів для груп"
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr "Назва групи"
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr "Пароль групи"
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr "Атрибут GID"
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr "Атрибут членства у групі"
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr "Атрибут UUID групи"
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr "Атрибут часу зміни для груп"
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr "Базова назва домену для пошуків груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr "Клас об’єктів для груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr "Назва мережевої групи"
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr "Атрибут членства у групах у мережі"
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr "Атрибут трійки груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr "Атрибут UUID груп у мережі"
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr "Атрибут часу зміни для мережевих груп"
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr "Базова сервер назв домену для пошуку служб"
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr "Клас об’єктів для служб"
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr "Атрибут назви служби"
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr "Атрибут порту служби"
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr "Атрибут протоколу служби"
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr "Нижня межа встановлення відповідності ідентифікатора"
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr "Верхня межа встановлення відповідності ідентифікатора"
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
"Кількість ідентифікаторів для кожного зрізу під час встановлення "
"відповідності ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
"Використовувати для встановлення відповідності ідентифікаторів алгоритм, "
"сумісний з autorid"
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr "Назва типового домену для встановлення відповідності ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr "SID типового домену для встановлення відповідності ідентифікаторів"
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr "Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків груп (group)"
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
"Використовувати LDAP_MATCHING_RULE_IN_CHAIN щодо пошуків початкових груп "
"(initgroup)"
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP"
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "Правила оцінки завершення строку дії пароля"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr "Фільтр LDAP для визначення прав доступу"
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Атрибути які слід використовувати для визначення чинності облікового запису"
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Правила, які має бути використано для визначення достатності прав доступу"
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr "Назва у службі DNS сервера зміни паролів LDAP"
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
@@ -1019,25 +1052,25 @@ msgstr ""
"Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після "
"зміни пароля"
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr "Базова назва домену для пошуків правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr "Період автоматичного повного оновлення даних"
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr "Період автоматичного кмітливого оновлення даних"
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
"Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та "
"мережами"
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
@@ -1045,160 +1078,160 @@ msgstr ""
"Назви вузлів і/або повні назви у домені для цього комп’ютера для "
"фільтрування списку правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
"Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку "
"правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
"Визначає, чи слід включати правила, що містять мережеву групу у атрибуті "
"вузла"
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
"Визначає, чи слід включати правила, що містять формальний вираз у атрибуті "
"вузла"
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr "Клас об’єктів для правил sudo"
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr "Назва правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr "Атрибут команди правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr "Атрибут вузла правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr "Атрибут користувача правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr "Атрибут параметрів правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
"Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr "Атрибут граничного часу початку дії правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr "Атрибут граничного часу завершення дії правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr "Атрибут порядку правила sudo"
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr "Клас об’єктів для карт автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr "Атрибут назви карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr "Клас об’єктів для записів карт автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr "Атрибут ключа запису карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr "Атрибут значення запису карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування"
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "Відокремлений комами список дозволених користувачів"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "Відокремлений комами список заборонених користувачів"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "Типова оболонка, /bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr "Базова адреса домашніх каталогів"
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "Назва бібліотеки NSS, яку слід використовувати"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
"Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це "
"можливо"
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "Стек PAM, який слід використовувати"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "Запуститися фонову службу (типова поведінка)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "Запустити у інтерактивному режимі (без фонової служби)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "Вказати нетиповий файл налаштувань"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr "Вивести номер версії і завершити роботу"
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "Рівень зневаджування"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "Додавати діагностичні часові позначки"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr "Показувати мікросекунди у часових позначках"
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr "Дескриптор відкритого файла для запису журналів діагностики"
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr "Домен надання відомостей (обов’язковий)"
@@ -1226,74 +1259,80 @@ msgstr "Сталася помилка, але не вдалося знайти
msgid "Unexpected error while looking for an error description"
msgstr "Неочікувана помилка під час пошуку опису помилки"
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "Паролі не збігаються"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr "Підтримки скидання пароля користувачем root не передбачено."
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr "Розпізнано за реєстраційними даними з кешу"
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ", строк дії вашого кешованого пароля завершиться: "
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr "Строк дії вашого пароля вичерпано. Залишилося %1$d резервних входи."
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr "Строк дії вашого пароля завершиться за %1$d %2$s."
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr "Розпізнавання заборонено до: "
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "Система працює у автономному режимі, зміна пароля неможлива"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "Спроба зміни пароля зазнала невдачі. "
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "Повідомлення сервера: "
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "Новий пароль: "
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "Ще раз введіть новий пароль: "
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "Пароль: "
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "Поточний пароль: "
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "Строк дії пароля вичерпано. Змініть ваш пароль."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr "Рівень діагностики під час запуску"
@@ -1302,11 +1341,11 @@ msgstr "Рівень діагностики під час запуску"
msgid "The SSSD domain to use"
msgstr "Домен SSSD, який слід використовувати"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "Помилка під час спроби встановити локаль\n"
@@ -1374,97 +1413,97 @@ msgstr "Вказати альтернативний основний катал
msgid "The SELinux user for user's login"
msgstr "Ім’я користувача SELinux для входу до системи"
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr "Вкажіть групу для додавання\n"
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "Вкажіть користувача, запис якого слід додати\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "Помилка ініціалізації інструментів: немає локального домену\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "Помилка ініціалізації інструментів: немає локального домену\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "Помилка ініціалізації інструментів\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "У FQDN вказано некоректний домен\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "Внутрішня помилка під час обробки параметрів\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "Групи мають належати до того самого домену, що і користувач\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr "Не вдалося знайти групу %1$s у локальному домені\n"
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "Не вдалося встановити типові значення\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
"Вибраний ідентифікатор користувача не належить до діапазону дозволених\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr "Не вдалося встановити контекст входу SELinux\n"
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "Не вдалося отримати відомості щодо користувача\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Домашній каталог користувача вже існує, копіювання даних з каталогу skel не "
"виконуватиметься\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr "Не вдалося створити домашній каталог користувача: %1$s\n"
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr "Не вдалося створити поштовий буфер користувача: %1$s\n"
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
"Не вдалося отримати ідентифікатор для користувача. Домен переповнено?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
"Вже існує користувач або група з таким самим іменем, назвою або "
"ідентифікатором\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "Помилка під час виконання операції. Не вдалося додати користувача.\n"
@@ -1472,46 +1511,46 @@ msgstr "Помилка під час виконання операції. Не
msgid "The GID of the group"
msgstr "Ідентифікатор групи"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "Вкажіть групу, яку слід додати\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "Вибраний ідентифікатор групи не належить до діапазону дозволених\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "Не вдалося отримати ідентифікатор для групи. Домен переповнено?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "Вже існує група з такою самою назвою або ідентифікатором\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "Помилка під час виконання операції Не вдалося додати групу.\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "Вкажіть групу, яку слід вилучити\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr "Група %1$s не належить визначеному діапазону ідентифікаторів домену\n"
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
"Спроба запиту NSS зазнала невдачі (%1$d). Запис може залишитися у кеші у "
"пам’яті.\n"
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
@@ -1519,7 +1558,7 @@ msgstr ""
"У локальному домені немає такої групи. Вилучення груп можливе лише у межах "
"локального домену.\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "Внутрішня помилка. Не вдалося вилучити запис групи.\n"
@@ -1531,15 +1570,15 @@ msgstr "Групи, до яких слід додати цю групу"
msgid "Groups to remove this group from"
msgstr "Групи, з яких слід вилучити цю групу"
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr "Вкажіть групу, запис якої слід вилучити\n"
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "Вкажіть групу, запис якої слід змінити\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
@@ -1547,13 +1586,13 @@ msgstr ""
"Не вдалося знайти групу у локальному домені. Зміну записів груп можна "
"виконувати лише у межах локального домену\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
"Групи-учасники мають належати до того самого домену, що і основна група\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
@@ -1562,41 +1601,41 @@ msgstr ""
"Не вдалося знайти групу %1$s у локальному домені, можна використовувати лише "
"групи з локального домену\n"
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
"Не вдалося змінити запис групи. Перевірте, чи правильно вказано назви груп-"
"учасників\n"
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
"Не вдалося змінити запис групи. Перевірте, чи правильно вказано назву групи\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "Помилка під час виконання операції Не вдалося змінити групу.\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr "%1$s%2$sГрупа: %3$s\n"
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "Магічна приватна "
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr "%1$sНомер GID: %2$d\n"
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr "%1$sКористувачі-учасники: "
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
@@ -1605,7 +1644,7 @@ msgstr ""
"\n"
"%1$sє учасником: "
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
@@ -1614,15 +1653,15 @@ msgstr ""
"\n"
"%1$sГрупи-учасники: "
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "Виводити дані щодо непрямих учасників групи рекурсивно"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "Вкажіть групу, дані якої слід показати\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
@@ -1630,7 +1669,7 @@ msgstr ""
"У локальному домені немає такої групи. Вивід даних груп можливий лише у "
"межах локального домену.\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "Внутрішня помилка. Не вдалося вивести дані групи.\n"
@@ -1650,58 +1689,58 @@ msgstr "Примусово вилучити файли, які не належа
msgid "Kill users' processes before removing him"
msgstr "Припинити роботу процесів користувача перед вилученням його запису"
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "Вкажіть користувача, запис якого слід вилучити\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
"Користувач %1$s не належить визначеному діапазону ідентифікаторів домену\n"
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr "Не вдалося відновити початковий контекст входу SELinux\n"
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
"ПОПЕРЕДЖЕННЯ: користувач (uid %1$lu) все ще працював у системі на час "
"вилучення його запису.\n"
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
"Не вдалося визначити, чи увійшов користувач до системи на цій платформі"
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr "Помилка під час перевірки входу користувача до системи\n"
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr "Помилка команди, яку слід було виконати після вилучення запису: %1$s\n"
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "Домашній каталог не буде вилучено. Він не належить користувачеві.\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr "Не вдалося вилучити домашній каталог: %1$s\n"
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
"У локальному домені немає такого користувача. Вилучення користувачів можливе "
"лише у межах локального домену.\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "Внутрішня помилка Не вдалося вилучити запис користувача.\n"
@@ -1725,11 +1764,11 @@ msgstr "Заблокувати обліковий запис"
msgid "Unlock the account"
msgstr "Розблокувати обліковий запис"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "Вкажіть користувача, запис якого слід змінити\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
@@ -1737,91 +1776,91 @@ msgstr ""
"Не вдалося знайти користувача у локальному домені. Зміну записів "
"користувачів можна виконувати лише у межах локального домену\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
"Не вдалося змінити запис користувача. Перевірте, чи правильно вказано назви "
"груп\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
"Не вдалося змінити запис користувача. Користувач вже є учасником груп?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
"Помилка під час виконання операції. Не вдалося змінити запис користувача.\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr "Вказаному критерію пошуку не відповідає жоден об’єкт у кеші\n"
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr "Не вдалося скасувати визначення %1$s"
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr "Не вдалося скасувати визначення %1$s %2$s"
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
#, fuzzy
msgid "Invalidate all cached entries except for sudo rules"
msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo"
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr "Скасувати визначення певного користувача"
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr "Скасувати визначення всіх користувачів"
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr "Скасувати визначення певної групи"
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr "Скасувати визначення всіх груп"
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr "Скасувати визначення певної мережевої групи"
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr "Скасувати визначення всіх мережевих груп"
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr "Скасувати визначення певної служби"
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr "Скасувати визначення всіх служб"
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr "Скасувати визначення певну карту autofs"
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr "Скасувати визначення всіх карт autofs"
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr "Скасувати визначення лише записів з певного домену"
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
"Будь ласка, виберіть принаймні один об’єкт для скасовування відповідності\n"
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
@@ -1830,7 +1869,7 @@ msgstr ""
"Не вдалося відкрити домен %1$s. Якщо цей домен є піддоменом (довіреним "
"доменом), скористайтеся повною назвою замість параметра --domain/-d.\n"
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr "Не вдалося відкрити доступні домени\n"
@@ -1846,12 +1885,12 @@ msgstr "Вкажіть рівень діагностики, який ви баж
msgid "Only one argument expected\n"
msgstr "Мало бути вказано лише один аргумент\n"
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr "Здається, назва «%1$s» не є FQDN (встановлено «%2$s = TRUE»)\n"
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "Не вистачає пам'яті\n"
@@ -1860,6 +1899,6 @@ msgstr "Не вистачає пам'яті\n"
msgid "%1$s must be run as root\n"
msgstr "%1$s слід запускати від імені користувача root\n"
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "Надіслати діагностичні дані до файлів, а не до stderr"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index f66e40984..c2e5d102b 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (China) <trans-zh_cn@lists.fedoraproject.org>\n"
@@ -18,1105 +18,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr "设定调试日志记录等级"
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "在调试日志中包含时间戳"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "写入调试信息到日志文件"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "启动服务命令"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr "保存密码哈希值"
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA 服务器地址"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr "IPA 备份服务器地址"
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos 服务器地址"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "验证超时"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1144,74 +1173,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1220,11 +1255,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr ""
@@ -1292,91 +1327,91 @@ msgstr ""
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr ""
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr ""
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr ""
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr ""
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr ""
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr ""
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr ""
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr ""
@@ -1384,50 +1419,50 @@ msgstr ""
msgid "The GID of the group"
msgstr ""
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr ""
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr ""
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr ""
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr ""
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr ""
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr ""
@@ -1439,92 +1474,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr ""
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr ""
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr ""
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr ""
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr ""
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr ""
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr ""
@@ -1544,52 +1579,52 @@ msgstr ""
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr ""
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr ""
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr ""
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr ""
@@ -1613,102 +1648,102 @@ msgstr ""
msgid "Unlock the account"
msgstr ""
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr ""
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr ""
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr ""
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr ""
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1724,12 +1759,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr ""
@@ -1738,6 +1773,6 @@ msgstr ""
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/zh_TW.po b/po/zh_TW.po
index d6771cf35..b51da191e 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2013-08-28 22:37+0200\n"
+"POT-Creation-Date: 2014-05-30 16:48+0200\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (Taiwan) <trans-zh_TW@lists.fedoraproject.org>\n"
@@ -17,1105 +17,1134 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: src/config/SSSDConfig/__init__.py.in:39
+#: src/config/SSSDConfig/__init__.py.in:40
msgid "Set the verbosity of the debug logging"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:40
+#: src/config/SSSDConfig/__init__.py.in:41
msgid "Include timestamps in debug logs"
msgstr "在除錯日誌內加入時間戳記"
-#: src/config/SSSDConfig/__init__.py.in:41
+#: src/config/SSSDConfig/__init__.py.in:42
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:42
+#: src/config/SSSDConfig/__init__.py.in:43
msgid "Write debug messages to logfiles"
msgstr "將除錯訊息寫入日誌檔"
-#: src/config/SSSDConfig/__init__.py.in:43
+#: src/config/SSSDConfig/__init__.py.in:44
msgid "Ping timeout before restarting service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:44
+#: src/config/SSSDConfig/__init__.py.in:45
msgid ""
"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:45
+#: src/config/SSSDConfig/__init__.py.in:46
msgid "Command to start service"
msgstr "啟動服務的指令"
-#: src/config/SSSDConfig/__init__.py.in:46
+#: src/config/SSSDConfig/__init__.py.in:47
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:47
+#: src/config/SSSDConfig/__init__.py.in:48
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:48
+#: src/config/SSSDConfig/__init__.py.in:49
msgid "Idle time before automatic disconnection of a client"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:51
+#: src/config/SSSDConfig/__init__.py.in:52
msgid "SSSD Services to start"
msgstr "要啟動的 SSSD 服務"
-#: src/config/SSSDConfig/__init__.py.in:52
+#: src/config/SSSDConfig/__init__.py.in:53
msgid "SSSD Domains to start"
msgstr "要啟動的 SSSD 網域"
-#: src/config/SSSDConfig/__init__.py.in:53
+#: src/config/SSSDConfig/__init__.py.in:54
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:54
+#: src/config/SSSDConfig/__init__.py.in:55
msgid "Regex to parse username and domain"
msgstr "用來解析使用者名稱與網域的正規表示式"
-#: src/config/SSSDConfig/__init__.py.in:55
+#: src/config/SSSDConfig/__init__.py.in:56
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:56
+#: src/config/SSSDConfig/__init__.py.in:57
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:57
+#: src/config/SSSDConfig/__init__.py.in:58
msgid "Domain to add to names without a domain component."
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:60
+#: src/config/SSSDConfig/__init__.py.in:61
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:61
+#: src/config/SSSDConfig/__init__.py.in:62
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:62
-#: src/config/SSSDConfig/__init__.py.in:88
+#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:89
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:63
+#: src/config/SSSDConfig/__init__.py.in:64
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD 應該明確忽略的使用者"
-#: src/config/SSSDConfig/__init__.py.in:64
+#: src/config/SSSDConfig/__init__.py.in:65
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD 應該明確忽略的群組"
-#: src/config/SSSDConfig/__init__.py.in:65
+#: src/config/SSSDConfig/__init__.py.in:66
msgid "Should filtered users appear in groups"
msgstr "過濾的使用者是否應該顯現在群組內"
-#: src/config/SSSDConfig/__init__.py.in:66
+#: src/config/SSSDConfig/__init__.py.in:67
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:67
+#: src/config/SSSDConfig/__init__.py.in:68
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:68
+#: src/config/SSSDConfig/__init__.py.in:69
msgid ""
"Substitute empty homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:69
+#: src/config/SSSDConfig/__init__.py.in:70
msgid "Override shell value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:73
+#: src/config/SSSDConfig/__init__.py.in:74
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:74
+#: src/config/SSSDConfig/__init__.py.in:75
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:81
+#: src/config/SSSDConfig/__init__.py.in:82
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:82
+#: src/config/SSSDConfig/__init__.py.in:83
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:85
+#: src/config/SSSDConfig/__init__.py.in:86
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:91
+#: src/config/SSSDConfig/__init__.py.in:92
msgid "Whether to hash host names and addresses in the known_hosts file"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:92
+#: src/config/SSSDConfig/__init__.py.in:93
msgid ""
"How many seconds to keep a host in the known_hosts file after its host keys "
"were requested"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:95
+#: src/config/SSSDConfig/__init__.py.in:96
msgid "List of UIDs or user names allowed to access the PAC responder"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:98
+#: src/config/SSSDConfig/__init__.py.in:99
+msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:100
+msgid "List of user attributes the InfoPipe is allowed to publish"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:103
msgid "Identity provider"
msgstr "身分提供者"
-#: src/config/SSSDConfig/__init__.py.in:99
+#: src/config/SSSDConfig/__init__.py.in:104
msgid "Authentication provider"
msgstr "認證提供者"
-#: src/config/SSSDConfig/__init__.py.in:100
+#: src/config/SSSDConfig/__init__.py.in:105
msgid "Access control provider"
msgstr "存取控制提供者"
-#: src/config/SSSDConfig/__init__.py.in:101
+#: src/config/SSSDConfig/__init__.py.in:106
msgid "Password change provider"
msgstr "密碼變更提供者"
-#: src/config/SSSDConfig/__init__.py.in:102
+#: src/config/SSSDConfig/__init__.py.in:107
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:103
+#: src/config/SSSDConfig/__init__.py.in:108
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:104
+#: src/config/SSSDConfig/__init__.py.in:109
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:105
+#: src/config/SSSDConfig/__init__.py.in:110
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:108
+#: src/config/SSSDConfig/__init__.py.in:113
msgid "Minimum user ID"
msgstr "最小的使用者 ID"
-#: src/config/SSSDConfig/__init__.py.in:109
+#: src/config/SSSDConfig/__init__.py.in:114
msgid "Maximum user ID"
msgstr "最大的使用者 ID"
-#: src/config/SSSDConfig/__init__.py.in:110
+#: src/config/SSSDConfig/__init__.py.in:115
msgid "Enable enumerating all users/groups"
msgstr "啟用所有使用者或群組的列舉"
-#: src/config/SSSDConfig/__init__.py.in:111
+#: src/config/SSSDConfig/__init__.py.in:116
msgid "Cache credentials for offline login"
msgstr "供離線登入使用的快取憑證"
-#: src/config/SSSDConfig/__init__.py.in:112
+#: src/config/SSSDConfig/__init__.py.in:117
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:113
+#: src/config/SSSDConfig/__init__.py.in:118
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:114
+#: src/config/SSSDConfig/__init__.py.in:119
msgid "Don't include group members in group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:115
-#: src/config/SSSDConfig/__init__.py.in:122
-#: src/config/SSSDConfig/__init__.py.in:123
-#: src/config/SSSDConfig/__init__.py.in:124
-#: src/config/SSSDConfig/__init__.py.in:125
-#: src/config/SSSDConfig/__init__.py.in:126
+#: src/config/SSSDConfig/__init__.py.in:120
#: src/config/SSSDConfig/__init__.py.in:127
+#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:130
+#: src/config/SSSDConfig/__init__.py.in:131
+#: src/config/SSSDConfig/__init__.py.in:132
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:116
+#: src/config/SSSDConfig/__init__.py.in:121
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:117
+#: src/config/SSSDConfig/__init__.py.in:122
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:118
+#: src/config/SSSDConfig/__init__.py.in:123
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:119
+#: src/config/SSSDConfig/__init__.py.in:124
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:120
+#: src/config/SSSDConfig/__init__.py.in:125
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:121
+#: src/config/SSSDConfig/__init__.py.in:126
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:128
+#: src/config/SSSDConfig/__init__.py.in:133
msgid "How often should expired entries be refreshed in background"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:129
+#: src/config/SSSDConfig/__init__.py.in:134
msgid "Whether to automatically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:130
-#: src/config/SSSDConfig/__init__.py.in:144
+#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:150
msgid "The TTL to apply to the client's DNS entry after updating it"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:131
-#: src/config/SSSDConfig/__init__.py.in:145
+#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:151
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:132
+#: src/config/SSSDConfig/__init__.py.in:137
msgid "How often to periodically update the client's DNS entry"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:133
+#: src/config/SSSDConfig/__init__.py.in:138
msgid "Whether the provider should explicitly update the PTR record as well"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:134
+#: src/config/SSSDConfig/__init__.py.in:139
msgid "Whether the nsupdate utility should default to using TCP"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:135
+#: src/config/SSSDConfig/__init__.py.in:140
msgid "What kind of authentication should be used to perform the DNS update"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:136
+#: src/config/SSSDConfig/__init__.py.in:141
msgid "Control enumeration of trusted domains"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:139
+#: src/config/SSSDConfig/__init__.py.in:142
+msgid "How often should subdomains list be refreshed"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:145
msgid "IPA domain"
msgstr "IPA 網域"
-#: src/config/SSSDConfig/__init__.py.in:140
+#: src/config/SSSDConfig/__init__.py.in:146
msgid "IPA server address"
msgstr "IPA 伺服器位址"
-#: src/config/SSSDConfig/__init__.py.in:141
+#: src/config/SSSDConfig/__init__.py.in:147
msgid "Address of backup IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:142
+#: src/config/SSSDConfig/__init__.py.in:148
msgid "IPA client hostname"
msgstr "IPA 客戶端主機名稱"
-#: src/config/SSSDConfig/__init__.py.in:143
+#: src/config/SSSDConfig/__init__.py.in:149
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:146
+#: src/config/SSSDConfig/__init__.py.in:152
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:147
+#: src/config/SSSDConfig/__init__.py.in:153
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:148
+#: src/config/SSSDConfig/__init__.py.in:154
msgid ""
"The amount of time in seconds between lookups of the SELinux maps against "
"the IPA server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:149
+#: src/config/SSSDConfig/__init__.py.in:155
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:150
+#: src/config/SSSDConfig/__init__.py.in:156
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:151
+#: src/config/SSSDConfig/__init__.py.in:157
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:152
+#: src/config/SSSDConfig/__init__.py.in:158
msgid "Search base for object containing info about IPA domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:153
+#: src/config/SSSDConfig/__init__.py.in:159
msgid "Search base for objects containing info about ID ranges"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:154
-#: src/config/SSSDConfig/__init__.py.in:161
+#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:167
msgid "Enable DNS sites - location based service discovery"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:157
+#: src/config/SSSDConfig/__init__.py.in:163
msgid "Active Directory domain"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:158
+#: src/config/SSSDConfig/__init__.py.in:164
msgid "Active Directory server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:159
+#: src/config/SSSDConfig/__init__.py.in:165
msgid "Active Directory backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:160
+#: src/config/SSSDConfig/__init__.py.in:166
msgid "Active Directory client hostname"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:164
-#: src/config/SSSDConfig/__init__.py.in:165
+#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:331
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:169
+msgid "Whether to use the Global Catalog for lookups"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:170
+msgid "Operation mode for GPO-based access control"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:174
msgid "Kerberos server address"
msgstr "Kerberos 伺服器位址"
-#: src/config/SSSDConfig/__init__.py.in:166
+#: src/config/SSSDConfig/__init__.py.in:175
msgid "Kerberos backup server address"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:167
+#: src/config/SSSDConfig/__init__.py.in:176
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:168
+#: src/config/SSSDConfig/__init__.py.in:177
msgid "Authentication timeout"
msgstr "認證逾時"
-#: src/config/SSSDConfig/__init__.py.in:169
+#: src/config/SSSDConfig/__init__.py.in:178
msgid "Whether to create kdcinfo files"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:172
+#: src/config/SSSDConfig/__init__.py.in:181
msgid "Directory to store credential caches"
msgstr "儲存憑證快取的目錄"
-#: src/config/SSSDConfig/__init__.py.in:173
+#: src/config/SSSDConfig/__init__.py.in:182
msgid "Location of the user's credential cache"
msgstr "使用者憑證快取的位置"
-#: src/config/SSSDConfig/__init__.py.in:174
+#: src/config/SSSDConfig/__init__.py.in:183
msgid "Location of the keytab to validate credentials"
msgstr "驗證憑證用的金鑰表格位置"
-#: src/config/SSSDConfig/__init__.py.in:175
+#: src/config/SSSDConfig/__init__.py.in:184
msgid "Enable credential validation"
msgstr "啟用憑證驗證"
-#: src/config/SSSDConfig/__init__.py.in:176
+#: src/config/SSSDConfig/__init__.py.in:185
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:177
+#: src/config/SSSDConfig/__init__.py.in:186
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:178
+#: src/config/SSSDConfig/__init__.py.in:187
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:179
+#: src/config/SSSDConfig/__init__.py.in:188
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:180
+#: src/config/SSSDConfig/__init__.py.in:189
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:181
+#: src/config/SSSDConfig/__init__.py.in:190
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:182
+#: src/config/SSSDConfig/__init__.py.in:191
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:183
+#: src/config/SSSDConfig/__init__.py.in:192
msgid "Enables enterprise principals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:186
-#: src/config/SSSDConfig/__init__.py.in:187
+#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:196
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:190
+#: src/config/SSSDConfig/__init__.py.in:199
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:191
+#: src/config/SSSDConfig/__init__.py.in:200
msgid "ldap_backup_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:192
+#: src/config/SSSDConfig/__init__.py.in:201
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:193
+#: src/config/SSSDConfig/__init__.py.in:202
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:194
+#: src/config/SSSDConfig/__init__.py.in:203
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:195
+#: src/config/SSSDConfig/__init__.py.in:204
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:196
+#: src/config/SSSDConfig/__init__.py.in:205
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:197
+#: src/config/SSSDConfig/__init__.py.in:206
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:198
+#: src/config/SSSDConfig/__init__.py.in:207
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:199
+#: src/config/SSSDConfig/__init__.py.in:208
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:200
+#: src/config/SSSDConfig/__init__.py.in:209
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:201
+#: src/config/SSSDConfig/__init__.py.in:210
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:202
+#: src/config/SSSDConfig/__init__.py.in:211
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:203
+#: src/config/SSSDConfig/__init__.py.in:212
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:204
+#: src/config/SSSDConfig/__init__.py.in:213
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:205
+#: src/config/SSSDConfig/__init__.py.in:214
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:206
+#: src/config/SSSDConfig/__init__.py.in:215
msgid "Require TLS certificate verification"
msgstr "需要 TLS 憑證驗證"
-#: src/config/SSSDConfig/__init__.py.in:207
+#: src/config/SSSDConfig/__init__.py.in:216
msgid "Specify the sasl mechanism to use"
msgstr "指定要使用的 sasl 機制"
-#: src/config/SSSDConfig/__init__.py.in:208
+#: src/config/SSSDConfig/__init__.py.in:217
msgid "Specify the sasl authorization id to use"
msgstr "指定要使用的 sasl 認證 id"
-#: src/config/SSSDConfig/__init__.py.in:209
+#: src/config/SSSDConfig/__init__.py.in:218
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:210
+#: src/config/SSSDConfig/__init__.py.in:219
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:211
+#: src/config/SSSDConfig/__init__.py.in:220
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:212
+#: src/config/SSSDConfig/__init__.py.in:221
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:213
+#: src/config/SSSDConfig/__init__.py.in:222
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:214
+#: src/config/SSSDConfig/__init__.py.in:223
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:215
+#: src/config/SSSDConfig/__init__.py.in:224
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:216
+#: src/config/SSSDConfig/__init__.py.in:225
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:217
+#: src/config/SSSDConfig/__init__.py.in:226
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:218
+#: src/config/SSSDConfig/__init__.py.in:227
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:219
+#: src/config/SSSDConfig/__init__.py.in:228
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:221
+#: src/config/SSSDConfig/__init__.py.in:230
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:222
+#: src/config/SSSDConfig/__init__.py.in:231
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:224
+#: src/config/SSSDConfig/__init__.py.in:233
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:226
+#: src/config/SSSDConfig/__init__.py.in:235
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:227
+#: src/config/SSSDConfig/__init__.py.in:236
msgid "Disable Active Directory range retrieval"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:230
+#: src/config/SSSDConfig/__init__.py.in:239
msgid "Length of time to wait for a search request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig/__init__.py.in:231
+#: src/config/SSSDConfig/__init__.py.in:240
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:232
+#: src/config/SSSDConfig/__init__.py.in:241
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:233
+#: src/config/SSSDConfig/__init__.py.in:242
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:234
+#: src/config/SSSDConfig/__init__.py.in:243
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:235
+#: src/config/SSSDConfig/__init__.py.in:244
msgid "Use ID-mapping of objectSID instead of pre-set IDs"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:236
+#: src/config/SSSDConfig/__init__.py.in:245
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:237
+#: src/config/SSSDConfig/__init__.py.in:246
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:238
+#: src/config/SSSDConfig/__init__.py.in:247
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:239
+#: src/config/SSSDConfig/__init__.py.in:248
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:240
+#: src/config/SSSDConfig/__init__.py.in:249
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:242
+#: src/config/SSSDConfig/__init__.py.in:251
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:243
+#: src/config/SSSDConfig/__init__.py.in:252
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:244
+#: src/config/SSSDConfig/__init__.py.in:253
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:245
+#: src/config/SSSDConfig/__init__.py.in:254
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:246
+#: src/config/SSSDConfig/__init__.py.in:255
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:247
+#: src/config/SSSDConfig/__init__.py.in:256
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:248
-#: src/config/SSSDConfig/__init__.py.in:284
+#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:294
msgid "objectSID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:249
+#: src/config/SSSDConfig/__init__.py.in:258
msgid "Active Directory primary group attribute for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:250
+#: src/config/SSSDConfig/__init__.py.in:259
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:251
+#: src/config/SSSDConfig/__init__.py.in:260
msgid "Full Name"
msgstr "全名"
-#: src/config/SSSDConfig/__init__.py.in:252
+#: src/config/SSSDConfig/__init__.py.in:261
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:253
+#: src/config/SSSDConfig/__init__.py.in:262
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:255
+#: src/config/SSSDConfig/__init__.py.in:264
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:256
+#: src/config/SSSDConfig/__init__.py.in:265
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:257
+#: src/config/SSSDConfig/__init__.py.in:266
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:258
+#: src/config/SSSDConfig/__init__.py.in:267
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:259
+#: src/config/SSSDConfig/__init__.py.in:268
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:260
+#: src/config/SSSDConfig/__init__.py.in:269
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:261
+#: src/config/SSSDConfig/__init__.py.in:270
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:262
+#: src/config/SSSDConfig/__init__.py.in:271
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:263
+#: src/config/SSSDConfig/__init__.py.in:272
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:264
+#: src/config/SSSDConfig/__init__.py.in:273
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:265
+#: src/config/SSSDConfig/__init__.py.in:274
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:266
+#: src/config/SSSDConfig/__init__.py.in:275
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:267
+#: src/config/SSSDConfig/__init__.py.in:276
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:268
+#: src/config/SSSDConfig/__init__.py.in:277
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:269
+#: src/config/SSSDConfig/__init__.py.in:278
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:270
+#: src/config/SSSDConfig/__init__.py.in:279
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:271
+#: src/config/SSSDConfig/__init__.py.in:280
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:272
+#: src/config/SSSDConfig/__init__.py.in:281
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:273
+#: src/config/SSSDConfig/__init__.py.in:282
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:275
+#: src/config/SSSDConfig/__init__.py.in:283
+msgid "A list of extra attributes to download along with the user entry"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:285
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:278
+#: src/config/SSSDConfig/__init__.py.in:288
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:279
+#: src/config/SSSDConfig/__init__.py.in:289
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:280
+#: src/config/SSSDConfig/__init__.py.in:290
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:281
+#: src/config/SSSDConfig/__init__.py.in:291
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:282
+#: src/config/SSSDConfig/__init__.py.in:292
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:283
+#: src/config/SSSDConfig/__init__.py.in:293
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:285
+#: src/config/SSSDConfig/__init__.py.in:295
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:287
+#: src/config/SSSDConfig/__init__.py.in:296
+msgid "Type of the group and other flags"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:298
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:289
+#: src/config/SSSDConfig/__init__.py.in:300
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:290
+#: src/config/SSSDConfig/__init__.py.in:301
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:291
+#: src/config/SSSDConfig/__init__.py.in:302
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:292
+#: src/config/SSSDConfig/__init__.py.in:303
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:293
+#: src/config/SSSDConfig/__init__.py.in:304
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:294
+#: src/config/SSSDConfig/__init__.py.in:305
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:295
+#: src/config/SSSDConfig/__init__.py.in:306
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:297
+#: src/config/SSSDConfig/__init__.py.in:308
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:298
+#: src/config/SSSDConfig/__init__.py.in:309
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:299
+#: src/config/SSSDConfig/__init__.py.in:310
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:300
+#: src/config/SSSDConfig/__init__.py.in:311
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:301
+#: src/config/SSSDConfig/__init__.py.in:312
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:304
+#: src/config/SSSDConfig/__init__.py.in:315
msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:305
+#: src/config/SSSDConfig/__init__.py.in:316
msgid "Upper bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:306
+#: src/config/SSSDConfig/__init__.py.in:317
msgid "Number of IDs for each slice when ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:307
+#: src/config/SSSDConfig/__init__.py.in:318
msgid "Use autorid-compatible algorithm for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:308
+#: src/config/SSSDConfig/__init__.py.in:319
msgid "Name of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:309
+#: src/config/SSSDConfig/__init__.py.in:320
msgid "SID of the default domain for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:311
+#: src/config/SSSDConfig/__init__.py.in:322
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:312
+#: src/config/SSSDConfig/__init__.py.in:323
msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:313
+#: src/config/SSSDConfig/__init__.py.in:324
msgid "Set lower boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:314
+#: src/config/SSSDConfig/__init__.py.in:325
msgid "Set upper boundary for allowed IDs from the LDAP server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:317
+#: src/config/SSSDConfig/__init__.py.in:328
msgid "Policy to evaluate the password expiration"
msgstr "評估密碼過期時效的策略"
-#: src/config/SSSDConfig/__init__.py.in:320
-msgid "LDAP filter to determine access privileges"
-msgstr ""
-
-#: src/config/SSSDConfig/__init__.py.in:321
+#: src/config/SSSDConfig/__init__.py.in:332
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:322
+#: src/config/SSSDConfig/__init__.py.in:333
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:325
+#: src/config/SSSDConfig/__init__.py.in:336
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:326
+#: src/config/SSSDConfig/__init__.py.in:337
msgid "URI of a backup LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:327
+#: src/config/SSSDConfig/__init__.py.in:338
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:328
+#: src/config/SSSDConfig/__init__.py.in:339
msgid ""
"Whether to update the ldap_user_shadow_last_change attribute after a "
"password change"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:331
+#: src/config/SSSDConfig/__init__.py.in:342
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:332
+#: src/config/SSSDConfig/__init__.py.in:343
msgid "Automatic full refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:333
+#: src/config/SSSDConfig/__init__.py.in:344
msgid "Automatic smart refresh period"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:334
+#: src/config/SSSDConfig/__init__.py.in:345
msgid "Whether to filter rules by hostname, IP addresses and network"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:335
+#: src/config/SSSDConfig/__init__.py.in:346
msgid ""
"Hostnames and/or fully qualified domain names of this machine to filter sudo "
"rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:336
+#: src/config/SSSDConfig/__init__.py.in:347
msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:337
+#: src/config/SSSDConfig/__init__.py.in:348
msgid "Whether to include rules that contains netgroup in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:338
+#: src/config/SSSDConfig/__init__.py.in:349
msgid ""
"Whether to include rules that contains regular expression in host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:339
+#: src/config/SSSDConfig/__init__.py.in:350
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:340
+#: src/config/SSSDConfig/__init__.py.in:351
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:341
+#: src/config/SSSDConfig/__init__.py.in:352
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:342
+#: src/config/SSSDConfig/__init__.py.in:353
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:343
+#: src/config/SSSDConfig/__init__.py.in:354
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:344
+#: src/config/SSSDConfig/__init__.py.in:355
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:345
+#: src/config/SSSDConfig/__init__.py.in:356
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:346
+#: src/config/SSSDConfig/__init__.py.in:357
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:347
+#: src/config/SSSDConfig/__init__.py.in:358
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:348
+#: src/config/SSSDConfig/__init__.py.in:359
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:349
+#: src/config/SSSDConfig/__init__.py.in:360
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:352
+#: src/config/SSSDConfig/__init__.py.in:363
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:353
+#: src/config/SSSDConfig/__init__.py.in:364
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:354
+#: src/config/SSSDConfig/__init__.py.in:365
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:355
+#: src/config/SSSDConfig/__init__.py.in:366
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:356
+#: src/config/SSSDConfig/__init__.py.in:367
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:357
+#: src/config/SSSDConfig/__init__.py.in:368
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:360
+#: src/config/SSSDConfig/__init__.py.in:371
msgid "Comma separated list of allowed users"
msgstr "許可的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig/__init__.py.in:361
+#: src/config/SSSDConfig/__init__.py.in:372
msgid "Comma separated list of prohibited users"
msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig/__init__.py.in:364
+#: src/config/SSSDConfig/__init__.py.in:375
msgid "Default shell, /bin/bash"
msgstr "預設 shell,/bin/bash"
-#: src/config/SSSDConfig/__init__.py.in:365
+#: src/config/SSSDConfig/__init__.py.in:376
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:368
+#: src/config/SSSDConfig/__init__.py.in:379
msgid "The name of the NSS library to use"
msgstr "要使用的 NSS 函式庫名稱"
-#: src/config/SSSDConfig/__init__.py.in:369
+#: src/config/SSSDConfig/__init__.py.in:380
msgid "Whether to look up canonical group name from cache if possible"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:372
+#: src/config/SSSDConfig/__init__.py.in:383
msgid "PAM stack to use"
msgstr "要使用的 PAM 堆疊"
-#: src/monitor/monitor.c:2646
+#: src/monitor/monitor.c:2665
msgid "Become a daemon (default)"
msgstr "作為幕後程式 (預設)"
-#: src/monitor/monitor.c:2648
+#: src/monitor/monitor.c:2667
msgid "Run interactive (not a daemon)"
msgstr "以互動方式執行 (非幕後程式)"
-#: src/monitor/monitor.c:2650 src/tools/sss_debuglevel.c:71
+#: src/monitor/monitor.c:2669 src/tools/sss_debuglevel.c:71
msgid "Specify a non-default config file"
msgstr "指定非預設的配置檔"
-#: src/monitor/monitor.c:2652
+#: src/monitor/monitor.c:2671
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2227 src/providers/ldap/ldap_child.c:435
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1975 src/providers/ldap/ldap_child.c:435
+#: src/util/util.h:107
msgid "Debug level"
msgstr "除錯層級"
-#: src/providers/krb5/krb5_child.c:2229 src/providers/ldap/ldap_child.c:437
-#: src/util/util.h:97
+#: src/providers/krb5/krb5_child.c:1977 src/providers/ldap/ldap_child.c:437
+#: src/util/util.h:111
msgid "Add debug timestamps"
msgstr "加入除錯時間戳記"
-#: src/providers/krb5/krb5_child.c:2231 src/providers/ldap/ldap_child.c:439
-#: src/util/util.h:99
+#: src/providers/krb5/krb5_child.c:1979 src/providers/ldap/ldap_child.c:439
+#: src/util/util.h:113
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:2233 src/providers/ldap/ldap_child.c:441
+#: src/providers/krb5/krb5_child.c:1981 src/providers/ldap/ldap_child.c:441
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2850
+#: src/providers/data_provider_be.c:2751
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -1143,74 +1172,80 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:387
+#: src/sss_client/pam_sss.c:382
msgid "Passwords do not match"
msgstr "密碼不相符"
-#: src/sss_client/pam_sss.c:575
+#: src/sss_client/pam_sss.c:570
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:616
+#: src/sss_client/pam_sss.c:611
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:617
+#: src/sss_client/pam_sss.c:612
msgid ", your cached password will expire at: "
msgstr ",您快取的密碼將在此刻過期:"
-#: src/sss_client/pam_sss.c:647
+#: src/sss_client/pam_sss.c:642
#, c-format
msgid "Your password has expired. You have %1$d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:693
+#: src/sss_client/pam_sss.c:688
#, c-format
msgid "Your password will expire in %1$d %2$s."
msgstr ""
-#: src/sss_client/pam_sss.c:742
+#: src/sss_client/pam_sss.c:737
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:763
+#: src/sss_client/pam_sss.c:758
msgid "System is offline, password change not possible"
msgstr "系統已離線,不可能作密碼變更"
-#: src/sss_client/pam_sss.c:793 src/sss_client/pam_sss.c:806
+#: src/sss_client/pam_sss.c:773
+msgid ""
+"After changing the OTP password, you need to log out and back in order to "
+"acquire a ticket"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:804 src/sss_client/pam_sss.c:817
msgid "Password change failed. "
msgstr "密碼變更失敗。"
-#: src/sss_client/pam_sss.c:796 src/sss_client/pam_sss.c:807
+#: src/sss_client/pam_sss.c:807 src/sss_client/pam_sss.c:818
msgid "Server message: "
msgstr "伺服器訊息:"
-#: src/sss_client/pam_sss.c:1231
+#: src/sss_client/pam_sss.c:1245
msgid "New Password: "
msgstr "新密碼:"
-#: src/sss_client/pam_sss.c:1232
+#: src/sss_client/pam_sss.c:1246
msgid "Reenter new Password: "
msgstr "再次輸入新密碼:"
-#: src/sss_client/pam_sss.c:1318
+#: src/sss_client/pam_sss.c:1334
msgid "Password: "
msgstr "密碼:"
-#: src/sss_client/pam_sss.c:1350
+#: src/sss_client/pam_sss.c:1366
msgid "Current Password: "
msgstr "目前的密碼:"
-#: src/sss_client/pam_sss.c:1497
+#: src/sss_client/pam_sss.c:1525
msgid "Password expired. Change your password now."
msgstr "密碼已過期。請立刻變更您的密碼。"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:652
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:655
#: src/tools/sss_userdel.c:134 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:528 src/tools/sss_debuglevel.c:69
+#: src/tools/sss_cache.c:541 src/tools/sss_debuglevel.c:69
msgid "The debug level to run with"
msgstr ""
@@ -1219,11 +1254,11 @@ msgstr ""
msgid "The SSSD domain to use"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:73
-#: src/tools/sss_groupadd.c:58 src/tools/sss_groupdel.c:53
-#: src/tools/sss_groupmod.c:65 src/tools/sss_groupshow.c:663
-#: src/tools/sss_userdel.c:151 src/tools/sss_usermod.c:74
-#: src/tools/sss_cache.c:561
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:667
+#: src/tools/sss_userdel.c:152 src/tools/sss_usermod.c:75
+#: src/tools/sss_cache.c:575
msgid "Error setting the locale\n"
msgstr "設定區域設置時發生錯誤\n"
@@ -1291,91 +1326,91 @@ msgstr "指定替代的骨幹目錄"
msgid "The SELinux user for user's login"
msgstr ""
-#: src/tools/sss_useradd.c:86 src/tools/sss_groupmod.c:78
-#: src/tools/sss_usermod.c:87
+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+#: src/tools/sss_usermod.c:88
msgid "Specify group to add to\n"
msgstr ""
-#: src/tools/sss_useradd.c:110
+#: src/tools/sss_useradd.c:111
msgid "Specify user to add\n"
msgstr "指定要加入的使用者\n"
-#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
-#: src/tools/sss_groupdel.c:78 src/tools/sss_groupmod.c:111
-#: src/tools/sss_groupshow.c:696 src/tools/sss_userdel.c:196
-#: src/tools/sss_usermod.c:128
-msgid "Error initializing the tools - no local domain\n"
-msgstr "初始化工具時發生錯誤 - 沒有本機網域\n"
-
#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-#: src/tools/sss_groupshow.c:698 src/tools/sss_userdel.c:198
+#: src/tools/sss_groupshow.c:701 src/tools/sss_userdel.c:198
#: src/tools/sss_usermod.c:130
+msgid "Error initializing the tools - no local domain\n"
+msgstr "初始化工具時發生錯誤 - 沒有本機網域\n"
+
+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+#: src/tools/sss_groupshow.c:703 src/tools/sss_userdel.c:200
+#: src/tools/sss_usermod.c:132
msgid "Error initializing the tools\n"
msgstr "初始化工具時發生錯誤\n"
-#: src/tools/sss_useradd.c:130 src/tools/sss_groupadd.c:95
-#: src/tools/sss_groupdel.c:89 src/tools/sss_groupmod.c:121
-#: src/tools/sss_groupshow.c:707 src/tools/sss_userdel.c:207
-#: src/tools/sss_usermod.c:139
+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+#: src/tools/sss_groupshow.c:712 src/tools/sss_userdel.c:209
+#: src/tools/sss_usermod.c:141
msgid "Invalid domain specified in FQDN\n"
msgstr "在 FQDN 內指定了無效的網域\n"
-#: src/tools/sss_useradd.c:139 src/tools/sss_groupmod.c:141
-#: src/tools/sss_groupmod.c:168 src/tools/sss_usermod.c:162
-#: src/tools/sss_usermod.c:189
+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:165
+#: src/tools/sss_usermod.c:194
msgid "Internal error while parsing parameters\n"
msgstr "當解析參數時發生內部錯誤\n"
-#: src/tools/sss_useradd.c:147 src/tools/sss_usermod.c:170
-#: src/tools/sss_usermod.c:197
+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:174
+#: src/tools/sss_usermod.c:203
msgid "Groups must be in the same domain as user\n"
msgstr "群組必須位於與使用者相同的網域內\n"
-#: src/tools/sss_useradd.c:155
+#: src/tools/sss_useradd.c:159
#, c-format
msgid "Cannot find group %1$s in local domain\n"
msgstr ""
-#: src/tools/sss_useradd.c:170 src/tools/sss_userdel.c:217
+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:219
msgid "Cannot set default values\n"
msgstr "無法設定預設值\n"
-#: src/tools/sss_useradd.c:177 src/tools/sss_usermod.c:153
+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:155
msgid "The selected UID is outside the allowed range\n"
msgstr "所選的 UID 位於許可的範圍外\n"
-#: src/tools/sss_useradd.c:206 src/tools/sss_usermod.c:264
+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:270
msgid "Cannot set SELinux login context\n"
msgstr ""
-#: src/tools/sss_useradd.c:221
+#: src/tools/sss_useradd.c:224
msgid "Cannot get info about the user\n"
msgstr "無法取得關於這位使用者的資訊\n"
-#: src/tools/sss_useradd.c:233
+#: src/tools/sss_useradd.c:236
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr "使用者的家目錄已經存在,不會從骨幹目錄複製資料\n"
-#: src/tools/sss_useradd.c:236
+#: src/tools/sss_useradd.c:239
#, c-format
msgid "Cannot create user's home directory: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:247
+#: src/tools/sss_useradd.c:250
#, c-format
msgid "Cannot create user's mail spool: %1$s\n"
msgstr ""
-#: src/tools/sss_useradd.c:266
+#: src/tools/sss_useradd.c:270
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "無法為使用者分配 ID - 網域已滿?\n"
-#: src/tools/sss_useradd.c:270
+#: src/tools/sss_useradd.c:274
msgid "A user or group with the same name or ID already exists\n"
msgstr "已經存在相同名稱的使用者或群組\n"
-#: src/tools/sss_useradd.c:276
+#: src/tools/sss_useradd.c:280
msgid "Transaction error. Could not add user.\n"
msgstr "處理事項發生錯誤。無法加入使用者。\n"
@@ -1383,50 +1418,50 @@ msgstr "處理事項發生錯誤。無法加入使用者。\n"
msgid "The GID of the group"
msgstr "群組的 GID"
-#: src/tools/sss_groupadd.c:75
+#: src/tools/sss_groupadd.c:76
msgid "Specify group to add\n"
msgstr "指定要加入的群組\n"
-#: src/tools/sss_groupadd.c:104 src/tools/sss_groupmod.c:192
+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
msgid "The selected GID is outside the allowed range\n"
msgstr "所選的 GID 位於許可的範圍外\n"
-#: src/tools/sss_groupadd.c:141
+#: src/tools/sss_groupadd.c:143
msgid "Could not allocate ID for the group - domain full?\n"
msgstr "無法為群組分配 ID - 網域已滿?\n"
-#: src/tools/sss_groupadd.c:145
+#: src/tools/sss_groupadd.c:147
msgid "A group with the same name or GID already exists\n"
msgstr "已經存在相同名稱的群組或 GID\n"
-#: src/tools/sss_groupadd.c:150
+#: src/tools/sss_groupadd.c:153
msgid "Transaction error. Could not add group.\n"
msgstr "處理事項發生錯誤。無法加入群組。\n"
-#: src/tools/sss_groupdel.c:69
+#: src/tools/sss_groupdel.c:70
msgid "Specify group to delete\n"
msgstr "指定要刪除的群組\n"
-#: src/tools/sss_groupdel.c:102
+#: src/tools/sss_groupdel.c:104
#, c-format
msgid "Group %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_groupdel.c:117 src/tools/sss_groupmod.c:219
-#: src/tools/sss_groupmod.c:226 src/tools/sss_groupmod.c:233
-#: src/tools/sss_userdel.c:294 src/tools/sss_usermod.c:241
-#: src/tools/sss_usermod.c:248 src/tools/sss_usermod.c:255
+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+#: src/tools/sss_userdel.c:295 src/tools/sss_usermod.c:247
+#: src/tools/sss_usermod.c:254 src/tools/sss_usermod.c:261
#, c-format
msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
msgstr ""
-#: src/tools/sss_groupdel.c:129
+#: src/tools/sss_groupdel.c:132
msgid ""
"No such group in local domain. Removing groups only allowed in local "
"domain.\n"
msgstr "在本機網域內沒有這樣的群組。只許可在本機網域內移除群組。\n"
-#: src/tools/sss_groupdel.c:134
+#: src/tools/sss_groupdel.c:137
msgid "Internal error. Could not remove group.\n"
msgstr "內部錯誤。無法移除群組。\n"
@@ -1438,92 +1473,92 @@ msgstr ""
msgid "Groups to remove this group from"
msgstr ""
-#: src/tools/sss_groupmod.c:86 src/tools/sss_usermod.c:95
+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:96
msgid "Specify group to remove from\n"
msgstr ""
-#: src/tools/sss_groupmod.c:100
+#: src/tools/sss_groupmod.c:101
msgid "Specify group to modify\n"
msgstr "指定要修改的群組\n"
-#: src/tools/sss_groupmod.c:128
+#: src/tools/sss_groupmod.c:130
msgid ""
"Cannot find group in local domain, modifying groups is allowed only in local "
"domain\n"
msgstr "在本機網域內找不到群組,只許可在本機網域內修改群組\n"
-#: src/tools/sss_groupmod.c:149 src/tools/sss_groupmod.c:176
+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
msgid "Member groups must be in the same domain as parent group\n"
msgstr "成員群組必須位於與親代群組相同的網域內\n"
-#: src/tools/sss_groupmod.c:157 src/tools/sss_groupmod.c:184
-#: src/tools/sss_usermod.c:178 src/tools/sss_usermod.c:205
+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+#: src/tools/sss_usermod.c:182 src/tools/sss_usermod.c:211
#, c-format
msgid ""
"Cannot find group %1$s in local domain, only groups in local domain are "
"allowed\n"
msgstr ""
-#: src/tools/sss_groupmod.c:250
+#: src/tools/sss_groupmod.c:257
msgid "Could not modify group - check if member group names are correct\n"
msgstr ""
-#: src/tools/sss_groupmod.c:254
+#: src/tools/sss_groupmod.c:261
msgid "Could not modify group - check if groupname is correct\n"
msgstr "無法修改群組 - 請檢查群組名稱是否正確\n"
-#: src/tools/sss_groupmod.c:258
+#: src/tools/sss_groupmod.c:265
msgid "Transaction error. Could not modify group.\n"
msgstr "處理事項發生錯誤。無法修改群組。\n"
-#: src/tools/sss_groupshow.c:599
+#: src/tools/sss_groupshow.c:602
#, c-format
msgid "%1$s%2$sGroup: %3$s\n"
msgstr ""
-#: src/tools/sss_groupshow.c:600
+#: src/tools/sss_groupshow.c:603
msgid "Magic Private "
msgstr "魔法隱私"
-#: src/tools/sss_groupshow.c:602
+#: src/tools/sss_groupshow.c:605
#, c-format
msgid "%1$sGID number: %2$d\n"
msgstr ""
-#: src/tools/sss_groupshow.c:604
+#: src/tools/sss_groupshow.c:607
#, c-format
msgid "%1$sMember users: "
msgstr ""
-#: src/tools/sss_groupshow.c:611
+#: src/tools/sss_groupshow.c:614
#, c-format
msgid ""
"\n"
"%1$sIs a member of: "
msgstr ""
-#: src/tools/sss_groupshow.c:618
+#: src/tools/sss_groupshow.c:621
#, c-format
msgid ""
"\n"
"%1$sMember groups: "
msgstr ""
-#: src/tools/sss_groupshow.c:654
+#: src/tools/sss_groupshow.c:657
msgid "Print indirect group members recursively"
msgstr "遞迴地列出間接的群組成員"
-#: src/tools/sss_groupshow.c:687
+#: src/tools/sss_groupshow.c:691
msgid "Specify group to show\n"
msgstr "指定要顯示的群組\n"
-#: src/tools/sss_groupshow.c:726
+#: src/tools/sss_groupshow.c:731
msgid ""
"No such group in local domain. Printing groups only allowed in local "
"domain.\n"
msgstr "本機網域內沒有這樣的群組。只許可在本機網域內列出群組。\n"
-#: src/tools/sss_groupshow.c:731
+#: src/tools/sss_groupshow.c:736
msgid "Internal error. Could not print group.\n"
msgstr "內部錯誤。無法列出群組。\n"
@@ -1543,52 +1578,52 @@ msgstr "強制檔案的移除並非由使用者所擁有"
msgid "Kill users' processes before removing him"
msgstr ""
-#: src/tools/sss_userdel.c:187
+#: src/tools/sss_userdel.c:188
msgid "Specify user to delete\n"
msgstr "指定要刪除的使用者\n"
-#: src/tools/sss_userdel.c:233
+#: src/tools/sss_userdel.c:234
#, c-format
msgid "User %1$s is outside the defined ID range for domain\n"
msgstr ""
-#: src/tools/sss_userdel.c:258
+#: src/tools/sss_userdel.c:259
msgid "Cannot reset SELinux login context\n"
msgstr ""
-#: src/tools/sss_userdel.c:270
+#: src/tools/sss_userdel.c:271
#, c-format
msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
msgstr ""
-#: src/tools/sss_userdel.c:275
+#: src/tools/sss_userdel.c:276
msgid "Cannot determine if the user was logged in on this platform"
msgstr ""
-#: src/tools/sss_userdel.c:280
+#: src/tools/sss_userdel.c:281
msgid "Error while checking if the user was logged in\n"
msgstr ""
-#: src/tools/sss_userdel.c:287
+#: src/tools/sss_userdel.c:288
#, c-format
msgid "The post-delete command failed: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:307
+#: src/tools/sss_userdel.c:308
msgid "Not removing home dir - not owned by user\n"
msgstr "不會移除家目錄 - 並非由使用者所擁有\n"
-#: src/tools/sss_userdel.c:309
+#: src/tools/sss_userdel.c:310
#, c-format
msgid "Cannot remove homedir: %1$s\n"
msgstr ""
-#: src/tools/sss_userdel.c:322
+#: src/tools/sss_userdel.c:324
msgid ""
"No such user in local domain. Removing users only allowed in local domain.\n"
msgstr "在本機網域內沒有這樣的使用者。只許可在本機網域內移除使用者。\n"
-#: src/tools/sss_userdel.c:327
+#: src/tools/sss_userdel.c:329
msgid "Internal error. Could not remove user.\n"
msgstr "內部錯誤。無法移除使用者。\n"
@@ -1612,102 +1647,102 @@ msgstr "鎖住這個帳號"
msgid "Unlock the account"
msgstr "解除這個帳號的鎖"
-#: src/tools/sss_usermod.c:119
+#: src/tools/sss_usermod.c:120
msgid "Specify user to modify\n"
msgstr "指定要修改的使用者\n"
-#: src/tools/sss_usermod.c:146
+#: src/tools/sss_usermod.c:148
msgid ""
"Cannot find user in local domain, modifying users is allowed only in local "
"domain\n"
msgstr "在本機網域內找不到使用者,只許可在本機網域內修改使用者\n"
-#: src/tools/sss_usermod.c:281
+#: src/tools/sss_usermod.c:287
msgid "Could not modify user - check if group names are correct\n"
msgstr "無法修改使用者 - 請檢查群組名稱是否正確\n"
-#: src/tools/sss_usermod.c:285
+#: src/tools/sss_usermod.c:291
msgid "Could not modify user - user already member of groups?\n"
msgstr "無法修改使用者 - 使用者是否已經是群組的成員?\n"
-#: src/tools/sss_usermod.c:289
+#: src/tools/sss_usermod.c:295
msgid "Transaction error. Could not modify user.\n"
msgstr "處理事項發生錯誤。無法修改使用者。\n"
-#: src/tools/sss_cache.c:171
+#: src/tools/sss_cache.c:169
msgid "No cache object matched the specified search\n"
msgstr ""
-#: src/tools/sss_cache.c:400
+#: src/tools/sss_cache.c:394
#, c-format
msgid "Couldn't invalidate %1$s"
msgstr ""
-#: src/tools/sss_cache.c:407
+#: src/tools/sss_cache.c:401
#, c-format
msgid "Couldn't invalidate %1$s %2$s"
msgstr ""
-#: src/tools/sss_cache.c:530
+#: src/tools/sss_cache.c:543
msgid "Invalidate all cached entries except for sudo rules"
msgstr ""
-#: src/tools/sss_cache.c:532
+#: src/tools/sss_cache.c:545
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:534
+#: src/tools/sss_cache.c:547
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:536
+#: src/tools/sss_cache.c:549
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:538
+#: src/tools/sss_cache.c:551
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:540
+#: src/tools/sss_cache.c:553
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:542
+#: src/tools/sss_cache.c:555
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:544
+#: src/tools/sss_cache.c:557
msgid "Invalidate particular service"
msgstr ""
-#: src/tools/sss_cache.c:546
+#: src/tools/sss_cache.c:559
msgid "Invalidate all services"
msgstr ""
-#: src/tools/sss_cache.c:549
+#: src/tools/sss_cache.c:562
msgid "Invalidate particular autofs map"
msgstr ""
-#: src/tools/sss_cache.c:551
+#: src/tools/sss_cache.c:564
msgid "Invalidate all autofs maps"
msgstr ""
-#: src/tools/sss_cache.c:554
+#: src/tools/sss_cache.c:567
msgid "Only invalidate entries from a particular domain"
msgstr ""
-#: src/tools/sss_cache.c:599
+#: src/tools/sss_cache.c:613
msgid "Please select at least one object to invalidate\n"
msgstr ""
-#: src/tools/sss_cache.c:669
+#: src/tools/sss_cache.c:684
#, c-format
msgid ""
"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
"use fully qualified name instead of --domain/-d parameter.\n"
msgstr ""
-#: src/tools/sss_cache.c:673
+#: src/tools/sss_cache.c:688
msgid "Could not open available domains\n"
msgstr ""
@@ -1723,12 +1758,12 @@ msgstr ""
msgid "Only one argument expected\n"
msgstr ""
-#: src/tools/tools_util.c:200
+#: src/tools/tools_util.c:204
#, c-format
msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
msgstr ""
-#: src/tools/tools_util.c:303
+#: src/tools/tools_util.c:309
msgid "Out of memory\n"
msgstr "記憶體耗盡\n"
@@ -1737,6 +1772,6 @@ msgstr "記憶體耗盡\n"
msgid "%1$s must be run as root\n"
msgstr ""
-#: src/util/util.h:95
+#: src/util/util.h:109
msgid "Send the debug output to files instead of stderr"
msgstr "傳送除錯輸出到檔案而不是標準輸出"
diff --git a/src/man/po/br.po b/src/man/po/br.po
index c6651d196..e967e6979 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Breton (http://www.transifex.com/projects/p/fedora/language/"
@@ -26,7 +26,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Dornlevr SSSD"
@@ -62,13 +62,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "DESKRIVADUR"
@@ -81,7 +81,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -128,18 +128,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "Ar restr gefluniañ evit SSSD"
@@ -197,75 +198,162 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "DIBARZHIOÙ"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "RANNOÙ DIBAR"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "Ar rann [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Arventennoù ar rann"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Dre ziouer : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domanioù"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -275,19 +363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (neudennad)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -295,12 +383,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (neudennad)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -308,58 +396,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -368,7 +456,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -376,52 +464,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -431,22 +519,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -457,12 +544,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "RANNOÙ SERVIJOÙ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -471,82 +558,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Dre ziouer : true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -556,17 +583,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -574,18 +601,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -594,41 +622,54 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Dre ziouer : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -636,7 +677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -646,7 +687,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -655,17 +696,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -673,17 +714,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Dre ziouer : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (neudennad)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -692,251 +733,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Dre zoiuer : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -944,59 +985,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Dre zoiuer : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1004,7 +1045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1013,17 +1054,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1031,63 +1072,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Dre ziouer : 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1095,51 +1136,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1151,7 +1192,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1162,24 +1203,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1187,12 +1228,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1201,24 +1242,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "RANNOÙ DOMANI"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1227,47 +1268,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1279,14 +1320,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1295,41 +1336,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "full_name_format (string)"
msgid "subdomain_enumerate (string)"
msgstr "full_name_format (neudennad)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1338,149 +1379,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1489,17 +1541,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1508,33 +1560,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1542,8 +1594,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1552,8 +1604,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1561,19 +1613,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1582,7 +1634,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1590,17 +1642,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1608,19 +1660,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1628,7 +1680,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1636,30 +1688,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1667,19 +1719,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1688,24 +1740,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1713,7 +1765,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1721,35 +1773,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1757,23 +1809,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1781,7 +1847,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1789,31 +1855,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1821,23 +1887,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1845,7 +1911,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1853,24 +1919,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1878,12 +1944,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1893,7 +1959,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1902,29 +1968,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1932,7 +1998,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1940,66 +2006,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2007,62 +2073,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2071,54 +2137,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2126,29 +2192,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2156,19 +2222,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2176,73 +2242,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2250,17 +2316,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2269,17 +2335,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2287,17 +2353,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2305,18 +2371,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2346,7 +2412,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2359,6 +2425,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2387,8 +2458,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2479,15 +2550,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2687,7 +2758,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2747,7 +2818,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2764,7 +2835,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2774,14 +2845,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3050,21 +3121,77 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "filter_users, filter_groups (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "filter_users, filter_groups (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3073,24 +3200,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3098,54 +3225,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3153,14 +3279,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3168,17 +3294,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3186,14 +3312,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3201,94 +3327,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3296,17 +3447,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3314,14 +3465,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3329,7 +3480,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3338,18 +3489,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3357,172 +3508,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3530,7 +3681,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3538,12 +3689,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3551,12 +3702,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3567,12 +3718,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3580,12 +3731,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3594,34 +3745,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3629,14 +3780,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3644,17 +3795,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3664,12 +3815,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3677,17 +3828,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3695,13 +3846,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3710,7 +3861,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3718,26 +3869,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3745,7 +3896,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3753,7 +3904,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3761,41 +3912,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3804,32 +3955,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3837,24 +3988,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3862,17 +4013,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3883,29 +4034,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3914,17 +4065,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3932,49 +4083,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3982,27 +4133,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4014,7 +4165,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4022,7 +4173,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4030,39 +4181,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4072,7 +4223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4080,26 +4231,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4107,32 +4258,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4141,88 +4299,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4231,24 +4390,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4256,19 +4415,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4277,7 +4436,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4285,7 +4444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4294,7 +4453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4302,108 +4461,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4414,7 +4573,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4432,213 +4591,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4646,106 +4805,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4754,168 +4908,132 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: auto.master"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4923,7 +5041,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4931,7 +5049,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4944,20 +5062,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4990,11 +5108,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5002,34 +5120,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5037,56 +5155,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5094,7 +5224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5106,7 +5236,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5118,6 +5248,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5130,7 +5265,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5260,7 +5395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5305,6 +5440,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5392,7 +5532,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5407,7 +5547,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5422,12 +5562,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5448,12 +5588,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5478,7 +5618,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5495,12 +5635,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5508,12 +5648,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5532,19 +5672,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5574,101 +5714,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5676,12 +5807,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5689,17 +5867,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5707,12 +5885,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5721,342 +5899,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6064,7 +5970,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6076,7 +5982,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6084,7 +5990,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6098,6 +6004,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6145,7 +6056,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6164,44 +6075,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6211,12 +6131,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6224,19 +6144,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6246,8 +6166,171 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "ad_access_filter (string)"
+msgstr "full_name_format (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: Not set"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: permissive"
+msgstr "Dre ziouer : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6258,29 +6341,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6288,7 +6371,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6303,7 +6386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6312,7 +6395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6320,7 +6403,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6385,20 +6468,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6414,20 +6518,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6438,7 +6542,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6447,7 +6551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6458,7 +6562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6469,7 +6573,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6477,37 +6581,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6694,6 +6798,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6951,6 +7062,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7049,106 +7165,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7161,7 +7273,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7170,7 +7282,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7180,19 +7292,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: root"
msgid "Default: (from libkrb5)"
msgstr "Dre zoiuer : root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7200,7 +7312,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7211,36 +7323,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7248,91 +7360,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7340,81 +7452,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7428,7 +7513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7437,7 +7522,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -8001,6 +8086,162 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "user_attributes (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8182,7 +8423,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8332,13 +8573,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8347,7 +8630,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8355,7 +8638,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8364,7 +8647,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8372,7 +8655,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8385,13 +8668,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8399,7 +8682,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8407,24 +8690,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8434,24 +8717,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8461,30 +8744,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8492,36 +8799,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8530,6 +8837,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8548,104 +8926,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8721,13 +9113,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8735,37 +9128,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index 1a646fcb1..4d78e4fe6 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
@@ -27,7 +27,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Pàgines de manual de l'SSSD"
@@ -62,13 +62,13 @@ msgstr ""
"replaceable></arg> <arg choice='plain'> <replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "DESCRIPCIÓ"
@@ -83,7 +83,7 @@ msgstr ""
"que s'especifiquen a la línia d'ordres."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -137,18 +137,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Formats de fitxer i convencions"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "l'arxiu de configuració per a SSSD"
@@ -221,26 +222,113 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "OPCIONS AVANÇADES"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (Enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "Afegir una marca de temps als missatges de depuració"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Per defecte: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Per defecte: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (Enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Per defecte: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "SECCIONS ESPECIALS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "La secció [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Paràmetres de la secció"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -249,12 +337,12 @@ msgstr ""
"posteriors fan servir la versió 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "serveis"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -262,21 +350,21 @@ msgstr ""
"sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -285,17 +373,17 @@ msgstr ""
"caiguda del Proveïdor de Dades o reiniciar abans de donar-se per vençuts"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Per defecte: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "dominis"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -305,19 +393,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -325,12 +413,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -338,58 +426,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -402,7 +490,7 @@ msgstr ""
"segons si inotify no es pot utilitzar."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -413,7 +501,7 @@ msgstr ""
"aquesta opció a 'false'"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -422,7 +510,7 @@ msgstr ""
"plataformes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -431,12 +519,12 @@ msgstr ""
"En aquestes plataformes, sempre s'utilitzarà el sondeig."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -445,26 +533,26 @@ msgstr ""
"de Kerberos"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -474,22 +562,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -506,12 +593,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "SECCIONS DE SERVEIS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -524,82 +611,22 @@ msgstr ""
"quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "Opcions de configuració del servei general"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "Aquestes opcions es poden utilitzar per a configurar qualsevol servei."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (Enter)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (bool)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "Afegir una marca de temps als missatges de depuració"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Per defecte: true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Per defecte: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (Enter)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Per defecte: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -609,17 +636,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -627,18 +654,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Per defecte: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -647,13 +675,28 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "timeout (Enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "Opcions de configuració d'NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -661,12 +704,12 @@ msgstr ""
"servei de nom (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -675,17 +718,17 @@ msgstr ""
"(peticions d'informació sobre tots els usuaris)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Per defecte: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -696,7 +739,7 @@ msgstr ""
"valor entry_cache_timeout per al domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -712,7 +755,7 @@ msgstr ""
"peticions que esperen per a una actualització de la memòria cau."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -725,17 +768,17 @@ msgstr ""
"(0 desactiva aquesta característica)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -747,17 +790,17 @@ msgstr ""
"altra vegada."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Per defecte: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -766,17 +809,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Per defecte: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -784,187 +827,187 @@ msgstr ""
"aquesta opció a false."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Per defecte: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr "Opcions de configuració de PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -973,12 +1016,12 @@ msgstr ""
"Authentication Module (PAM)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -988,17 +1031,17 @@ msgstr ""
"de sessió)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1007,12 +1050,12 @@ msgstr ""
"fallits es permet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1022,7 +1065,7 @@ msgstr ""
"possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1030,17 +1073,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Per defecte: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1049,43 +1092,43 @@ msgstr ""
"autenticació. Com més gran sigui el nombre més missatges es mostren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "L'Sssd suporta actualment els següents valors:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostris cap missatge"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: Mostra només missatges importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: Mostra missatges informatius"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Per defecte: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (Enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1097,7 +1140,7 @@ msgstr ""
"l'última informació."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1111,17 +1154,17 @@ msgstr ""
"proveïdor d'identitat."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1129,63 +1172,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Per defecte: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1193,51 +1236,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1249,7 +1292,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1260,24 +1303,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1285,12 +1328,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1299,17 +1342,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "SECCIONS DE DOMINI"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (Enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1318,7 +1361,7 @@ msgstr ""
"fora d'aquests límits, s'ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1331,24 +1374,24 @@ msgstr ""
"com s'esperava."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerate (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1357,23 +1400,23 @@ msgstr ""
"valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Els usuaris i grups s'enumeren"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Cap enumeració per a aquest domini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Per defecte: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1385,7 +1428,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1395,7 +1438,7 @@ msgstr ""
"finalitzi."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1409,41 +1452,41 @@ msgstr ""
"ús."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "ldap_user_name (string)"
msgid "subdomain_enumerate (string)"
msgstr "ldap_user_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1452,17 +1495,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "Per defecte: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (Enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1471,134 +1514,145 @@ msgstr ""
"demanar al rerefons una altra vegada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Per defecte: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Determina si les credencials d'usuari també són emmagatzemades en la memòria "
"cau local de LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (Enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1611,17 +1665,17 @@ msgstr ""
"ha de ser superior o igual a offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1630,33 +1684,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1664,8 +1718,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1674,8 +1728,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1683,19 +1737,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1708,7 +1762,7 @@ msgstr ""
"trobaria l'usuari mentre que <command>getent passwd test@LOCAL</command> si."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1716,17 +1770,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1734,12 +1788,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1748,7 +1802,7 @@ msgstr ""
"d'autenticació suportats són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1759,7 +1813,7 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1770,7 +1824,7 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -1778,12 +1832,12 @@ msgstr ""
"de PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> impossibilita l'autenticació explícitament."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1792,12 +1846,12 @@ msgstr ""
"gestionar les sol·licituds d'autenticació."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1808,19 +1862,19 @@ msgstr ""
"instal·lats) Els proveïdors especials interns són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> sempre denega l'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1833,17 +1887,17 @@ msgstr ""
"configuració del mòdul d'accés simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "Per defecte: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr "chpass_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1852,7 +1906,7 @@ msgstr ""
"al domini. Els proveïdors de canvi de contrasenya compatibles són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1864,7 +1918,7 @@ msgstr ""
"configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1875,7 +1929,7 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -1883,12 +1937,12 @@ msgstr ""
"objectiu de PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1897,17 +1951,17 @@ msgstr ""
"gestionar peticions de canvi de contrasenya."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1915,23 +1969,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1939,7 +2007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1947,31 +2015,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1979,23 +2047,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2003,7 +2071,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2011,24 +2079,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2036,12 +2104,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2051,7 +2119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2060,29 +2128,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2093,7 +2161,7 @@ msgstr ""
"quote> , el domini tot el que ve després\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2101,7 +2169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2110,17 +2178,17 @@ msgstr ""
"sintaxi Python (?P &lt;name&gt;) a l'etiqueta subpatterns."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Per defecte: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2129,42 +2197,42 @@ msgstr ""
"realitzar cerques de DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "Valors admesos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "Per defecte: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2175,18 +2243,18 @@ msgstr ""
"aquest temps d'espera, el domini seguirà operant en el mode fora de línia."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Per defecte: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2195,44 +2263,44 @@ msgstr ""
"del domini de la consulta DNS del servei de descobriment."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr "Per defecte: Utilitza la part del domini del nom de màquina"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2241,54 +2309,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2299,17 +2367,17 @@ msgstr ""
"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr "El servidor intermediari on re-envia PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2318,12 +2386,12 @@ msgstr ""
"de pam existent o crear-ne una de nova i afegir aquí el nom del servei."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2334,7 +2402,7 @@ msgstr ""
"$(libName)_$(function), per exemple _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2343,12 +2411,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "La secció de domini local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2359,29 +2427,29 @@ msgstr ""
"<replaceable>id_provider = local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"L'intèrpret d'ordres per defecte per als usuaris creats amb eines SSSD "
"d'espai d'usuari."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Per defecte: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2390,46 +2458,46 @@ msgstr ""
"replaceable> i utilitzen això com el directori d'usuari."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "Per defecte: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Per defecte: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2440,17 +2508,17 @@ msgstr ""
"defecte en un directori personal acabat de crear."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Per defecte: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2463,17 +2531,17 @@ msgstr ""
"manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Per defecte: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2484,17 +2552,17 @@ msgstr ""
"s'especifica, s'utilitzarà un valor per defecte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Per defecte: <filename>/var/correu</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2505,18 +2573,18 @@ msgstr ""
"té en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "Per defecte: Cap, no s'executa cap comanda"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2571,7 +2639,7 @@ msgstr ""
"\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2588,6 +2656,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2629,8 +2702,8 @@ msgstr ""
"informació sobre l'ús d'LDAP com un proveïdor d'accés."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONS DE CONFIGURACIÓ"
@@ -2724,15 +2797,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2937,7 +3010,7 @@ msgstr ""
"L'atribut LDAP que correspon a l'identificador del grup primari de l'usuari."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr "Per defecte: gidNumber"
@@ -2999,7 +3072,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "L'atribut LDAP que conté el UUID/GUID d'un objecte d'usuari d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "Per defecte: nsUniqueId"
@@ -3016,7 +3089,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -3026,7 +3099,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3035,7 +3108,7 @@ msgstr ""
"pare."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "Per defecte: modifyTimestamp"
@@ -3336,21 +3409,77 @@ msgstr "Per defecte: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3363,24 +3492,24 @@ msgstr ""
"voleu utilitzar un àmbit en majúscules."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3391,54 +3520,53 @@ msgstr ""
"los per estalviar espai."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr "A zero, aquesta opció desactivarà l'operació de neteja de memòria cau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Per defecte: 10800 (12 hores)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'atribut LDAP que correspon al nom complet de l'usuari."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "Per defecte: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "L'atribut LDAP que llista la pertanença a grups de l'usuari."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr "Per defecte: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3449,7 +3577,7 @@ msgstr ""
"l'usuari per determinar els privilegis d'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3458,7 +3586,7 @@ msgstr ""
"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3466,17 +3594,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr "Per defecte: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3484,14 +3612,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3499,94 +3627,123 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr "La classe d'objecte d'una entrada de grup a LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "Per defecte: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr "L'atribut LDAP que es correspon amb el nom del grup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "L'atribut LDAP que correspon a l'identificador del grup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "L'atribut LDAP que conté els noms dels membres del grup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "L'atribut LDAP que conté el UUID/GUID d'objecte de grup LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+#, fuzzy
+#| msgid "The LDAP attribute that contains the names of the group's members."
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr "L'atribut LDAP que conté els noms dels membres del grup."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3597,17 +3754,17 @@ msgstr ""
"seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "Per defecte: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3615,14 +3772,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3630,7 +3787,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3639,18 +3796,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3658,173 +3815,173 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objecte d'una entrada de netgroup a LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr "Per defecte: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'atribut LDAP que es correspon amb el nom del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'atribut LDAP que conté els noms dels membres del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr "Per defecte: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "Per defecte: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr "L'atribut LDAP que conté el UUID/GUID d'un objecte de netgroup d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3832,7 +3989,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3840,12 +3997,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3853,12 +4010,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3875,12 +4032,12 @@ msgstr ""
"manvolnum></citerefentry> retorna en cas de cap activitat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3891,12 +4048,12 @@ msgstr ""
"temps d'espera en comunicar amb el KDC en cas d'un vincle SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3905,34 +4062,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3940,14 +4097,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3955,17 +4112,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3975,12 +4132,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3988,17 +4145,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4006,13 +4163,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4021,7 +4178,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4029,12 +4186,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4044,7 +4201,7 @@ msgstr ""
"valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4053,7 +4210,7 @@ msgstr ""
"certificat del servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4065,7 +4222,7 @@ msgstr ""
"normalment."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4076,7 +4233,7 @@ msgstr ""
"proporciona un certificat dolent, immediatament s'acaba la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4087,22 +4244,22 @@ msgstr ""
"immediatament s'acaba la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "Per defecte: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4111,7 +4268,7 @@ msgstr ""
"Certificació que reconeixerà l'<command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4120,12 +4277,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4139,32 +4296,32 @@ msgstr ""
"correctes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4172,12 +4329,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4186,12 +4343,12 @@ msgstr ""
"class=\"protocol\">tls</systemitem> per a protegir el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4199,17 +4356,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4220,17 +4377,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4239,12 +4396,12 @@ msgstr ""
"i suportat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4253,17 +4410,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4271,51 +4428,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Especifica el fitxer keytab a utilitzar quan s'utilitza SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4326,27 +4483,27 @@ msgstr ""
"seleccionat és GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Per defecte: 86400 (24 hores)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4358,7 +4515,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4369,7 +4526,7 @@ msgstr ""
"retorna a _tcp si no se'n troba cap."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4381,41 +4538,41 @@ msgstr ""
"<quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Especifica l'àmbit KERBEROS (per a autenticació SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
"krb5.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4425,7 +4582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4433,12 +4590,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -4447,7 +4604,7 @@ msgstr ""
"costat del client. S'admeten els valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -4456,7 +4613,7 @@ msgstr ""
"opció no inhabilita les polítiques de contrasenya de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4464,7 +4621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4475,19 +4632,26 @@ msgstr ""
"chpass_provider=krb5 per actualitzar aquests atributs quan es canvia la "
"contrasenya."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -4496,7 +4660,7 @@ msgstr ""
"quan és compilat amb la versió d'OpenLDAP 2.4.13 o superior."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4505,29 +4669,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nom de servei per utilitzar quan està habilitada la detecció "
"de serveis."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "Per defecte: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -4536,50 +4700,55 @@ msgstr ""
"permet canvis de contrasenya quan està habilitada la detecció de serveis."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
-#, no-wrap
+#: sssd-ldap.5.xml:1833
+#, fuzzy, no-wrap
+#| msgid ""
+#| "access_provider = ldap\n"
+#| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+#| " "
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
"access_provider = ldap\n"
@@ -4587,16 +4756,20 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
+#, fuzzy
+#| msgid ""
+#| "This example means that access to this host is restricted to members of "
+#| "the \"allowedusers\" group in ldap."
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
"Aquest exemple significa que l'accés a aquesta màquina està restringit als "
"membres del grup d'ldap \"allowedusers\"."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4609,17 +4782,17 @@ msgstr ""
"concedint accés en estar fora de línia i viceversa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr "Per defecte: Buit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -4628,7 +4801,7 @@ msgstr ""
"d'atributs de control d'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4640,12 +4813,12 @@ msgstr ""
"contrasenya és correcta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "S'admeten els valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4654,7 +4827,7 @@ msgstr ""
"determinar si el compte ha caducat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4663,7 +4836,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4671,7 +4844,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4680,7 +4853,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4688,29 +4861,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Llista separada per comes d'opcions de control d'accés. Els valors permesos "
"són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4719,17 +4892,17 @@ msgstr ""
"authorizedService per determinar l'accés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Per defecte: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -4738,12 +4911,12 @@ msgstr ""
"s'utilitza més d'una vegada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4752,13 +4925,13 @@ msgstr ""
"cerca. S'admeten les opcions següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4768,7 +4941,7 @@ msgstr ""
"de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4777,7 +4950,7 @@ msgstr ""
"només en localitzar l'objecte base de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4786,7 +4959,7 @@ msgstr ""
"en la recerca i en la localització de l'objecte base de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4795,19 +4968,19 @@ msgstr ""
"llibreries client d'LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4818,7 +4991,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4842,213 +5015,213 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5056,106 +5229,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5164,168 +5332,134 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_user_name (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_user_name (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: false"
+msgid "Default: auto.master"
+msgstr "Per defecte: false"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "OPCIONS AVANÇADES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5336,7 +5470,7 @@ msgstr ""
"sabeu el que estau fent. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5347,7 +5481,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -5360,20 +5494,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5412,11 +5546,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5427,22 +5561,22 @@ msgstr ""
"<command>syslog(3)</command> amb el canal LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -5451,12 +5585,12 @@ msgstr ""
"a la pila per tal que altres mòduls PAM l'utilitzin."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5467,12 +5601,12 @@ msgstr ""
"la contrasenya no és correcte, se li negarà l'accés a l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -5481,12 +5615,12 @@ msgstr ""
"la proporcionada per un mòdul de contrasenya prèviament apilat."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -5495,7 +5629,7 @@ msgstr ""
"cas de fallar l'autenticació. Per defecte és 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5506,13 +5640,27 @@ msgstr ""
"l'usuari. Un exemple típic és <command>sshd</command> amb "
"<option>PasswordAuthentication</option>."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "MÒDUL TIPUS PROPORCIONATS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -5521,12 +5669,12 @@ msgstr ""
"option>, <option>contrasenya</option> i <option>sessió</option>)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "ARXIUS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5538,7 +5686,7 @@ msgstr ""
"sobre com restaurar una contrasenya."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5550,7 +5698,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5565,6 +5713,13 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5577,7 +5732,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5734,7 +5889,7 @@ msgstr ""
"locals."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5792,6 +5947,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5894,7 +6054,7 @@ msgstr ""
"complet utilitzat en el domini d'IPA per identificar aquest amfitrió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5909,7 +6069,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5924,12 +6084,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5950,12 +6110,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5980,7 +6140,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5997,12 +6157,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6010,12 +6170,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6034,19 +6194,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -6076,73 +6236,64 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6151,7 +6302,7 @@ msgstr ""
"suplantada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6160,21 +6311,21 @@ msgstr ""
"proveïdor Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6182,12 +6333,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+#, fuzzy
+#| msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+"<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Per defecte: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6195,17 +6396,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6213,12 +6414,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6227,342 +6428,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6570,7 +6499,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6582,7 +6511,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6594,7 +6523,7 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6612,6 +6541,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6659,7 +6593,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6678,44 +6612,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6725,12 +6668,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6738,19 +6681,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6760,8 +6703,173 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "ad_access_filter (string)"
+msgstr "ldap_access_filter (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: Not set"
+msgstr "Per defecte: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ldap_referrals (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "ldap_referrals (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "ldap_access_order (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: permissive"
+msgstr "Per defecte: true"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6772,29 +6880,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6802,7 +6910,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6817,7 +6925,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6826,7 +6934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6834,7 +6942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6899,20 +7007,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6928,20 +7057,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6952,7 +7081,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6961,7 +7090,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6972,7 +7101,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6983,7 +7112,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6991,37 +7120,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -7236,6 +7365,13 @@ msgstr ""
"Demana a l'SSSD d'anar immediatament en línia. Això és útil principalment "
"per a propòsits de comprovacions."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -7544,6 +7680,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7642,106 +7783,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7754,7 +7891,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7763,7 +7900,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7773,19 +7910,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7793,7 +7930,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7804,36 +7941,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7841,91 +7978,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7933,81 +8070,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -8021,7 +8131,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -8030,7 +8140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -8594,6 +8704,201 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Aquesta pàgina del manual descriu la configuració del proveïdor IPA per "
+"<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry>. Per una referència detallada sintaxi, aneu a la secció de "
+"<quote>FORMAT DE FITXER</quote> de la pàgina del manual "
+"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr "Aquestes opcions es poden utilitzar per a configurar qualsevol servei."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_name (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_name (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "uidNumber"
+msgstr "Per defecte: uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+#, fuzzy
+#| msgid "Default: gidNumber"
+msgid "gidNumber"
+msgstr "Per defecte: gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "Default: homeDirectory"
+msgid "homeDirectory"
+msgstr "Per defecte: homeDirectory"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "Per defecte: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Totes les opcions comunes de configuració que s'apliquen als dominis SSD "
+"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS "
+"DE DOMINI</quote> de la pàgina de manual de <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> per a tots els detalls. <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8775,7 +9080,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8925,13 +9230,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8940,7 +9287,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8948,7 +9295,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8957,7 +9304,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8965,7 +9312,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8978,13 +9325,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8992,7 +9339,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -9000,24 +9347,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -9027,24 +9374,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -9054,30 +9401,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -9085,36 +9456,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -9123,6 +9494,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -9141,106 +9583,122 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
msgstr ""
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+#, fuzzy
+#| msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
+
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
msgid ""
@@ -9314,13 +9772,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -9328,37 +9787,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index 8f34ea25c..ef3c49eb5 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2012-05-22 13:44+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/"
@@ -26,7 +26,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Manuálové stránky SSSD"
@@ -59,13 +59,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "POPIS"
@@ -78,7 +78,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -123,18 +123,19 @@ msgstr ""
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
@@ -192,75 +193,162 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "VOLBY"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -270,19 +358,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -290,12 +378,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -303,58 +391,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -363,7 +451,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -371,52 +459,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -426,22 +514,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -452,12 +539,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -466,82 +553,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -551,17 +578,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -569,18 +596,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -589,41 +617,54 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -631,7 +672,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -641,7 +682,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -650,17 +691,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -668,17 +709,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -687,251 +728,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -939,59 +980,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -999,7 +1040,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1008,17 +1049,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1026,63 +1067,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1090,51 +1131,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1146,7 +1187,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1157,24 +1198,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1182,12 +1223,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1196,24 +1237,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1222,47 +1263,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1274,14 +1315,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1290,39 +1331,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1331,149 +1372,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1482,17 +1534,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1501,33 +1553,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1535,8 +1587,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1545,8 +1597,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1554,19 +1606,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1575,7 +1627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1583,17 +1635,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1601,19 +1653,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1621,7 +1673,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1629,30 +1681,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1660,19 +1712,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1681,24 +1733,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1706,7 +1758,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1714,35 +1766,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1750,23 +1802,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1774,7 +1840,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1782,31 +1848,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1814,23 +1880,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1838,7 +1904,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1846,24 +1912,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1871,12 +1937,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1886,7 +1952,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1895,29 +1961,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1925,7 +1991,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1933,66 +1999,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2000,62 +2066,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2064,54 +2130,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2119,29 +2185,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2149,19 +2215,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2169,73 +2235,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2243,17 +2309,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2262,17 +2328,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2280,17 +2346,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2298,18 +2364,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2339,7 +2405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2352,6 +2418,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2380,8 +2451,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2472,15 +2543,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2680,7 +2751,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2740,7 +2811,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2757,7 +2828,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2767,14 +2838,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3043,21 +3114,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3066,24 +3191,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3091,54 +3216,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3146,14 +3270,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3161,17 +3285,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3179,14 +3303,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3194,94 +3318,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3289,17 +3438,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3307,14 +3456,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3322,7 +3471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3331,18 +3480,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3350,172 +3499,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3523,7 +3672,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3531,12 +3680,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3544,12 +3693,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3560,12 +3709,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3573,12 +3722,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3587,34 +3736,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3622,14 +3771,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3637,17 +3786,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3657,12 +3806,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3670,17 +3819,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3688,13 +3837,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3703,7 +3852,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3711,26 +3860,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3738,7 +3887,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3746,7 +3895,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3754,41 +3903,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3797,32 +3946,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3830,24 +3979,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3855,17 +4004,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3876,29 +4025,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3907,17 +4056,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3925,49 +4074,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3975,27 +4124,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4007,7 +4156,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4015,7 +4164,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4023,39 +4172,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4065,7 +4214,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4073,26 +4222,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4100,32 +4249,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4134,88 +4290,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4224,24 +4381,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4249,19 +4406,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4270,7 +4427,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4278,7 +4435,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4287,7 +4444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4295,108 +4452,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4407,7 +4564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4425,213 +4582,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4639,106 +4796,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4747,168 +4899,130 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4916,7 +5030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4924,7 +5038,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4937,20 +5051,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4979,17 +5093,25 @@ msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+#| "replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+#| "arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>volby</"
+"replaceable> </arg> <arg choice='plain'><replaceable>SKUPINA</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -4997,34 +5119,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5032,56 +5154,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5089,7 +5223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5101,7 +5235,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5113,8 +5247,24 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
+#, fuzzy
+#| msgid ""
+#| "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
@@ -5125,9 +5275,18 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:48
@@ -5255,7 +5414,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5300,6 +5459,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5387,7 +5551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5402,7 +5566,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5417,12 +5581,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5443,12 +5607,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5473,7 +5637,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5490,12 +5654,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5503,12 +5667,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5527,19 +5691,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5569,101 +5733,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5671,12 +5826,57 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+msgid "Default: try"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5684,17 +5884,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5702,12 +5902,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5716,342 +5916,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6059,7 +5987,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6071,7 +5999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6079,7 +6007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6093,6 +6021,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6140,7 +6073,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6159,44 +6092,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6206,12 +6148,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6219,19 +6161,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6241,8 +6183,163 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+msgid "Default: permissive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6253,29 +6350,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6283,7 +6380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6298,7 +6395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6307,7 +6404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6315,7 +6412,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6380,20 +6477,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6409,20 +6527,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6433,7 +6551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6442,7 +6560,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6453,7 +6571,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6464,7 +6582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6472,37 +6590,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6689,6 +6807,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6946,6 +7071,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7044,106 +7174,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7156,7 +7282,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7165,7 +7291,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7175,17 +7301,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
msgid "Default: (from libkrb5)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7193,7 +7319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7204,36 +7330,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7241,91 +7367,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7333,81 +7459,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7421,7 +7520,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7430,7 +7529,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -8013,6 +8112,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8194,7 +8447,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8344,13 +8597,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8359,7 +8654,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8367,7 +8662,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8376,7 +8671,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8384,7 +8679,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8397,13 +8692,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8411,7 +8706,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8419,24 +8714,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8446,24 +8741,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8473,30 +8768,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8504,36 +8823,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8542,6 +8861,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
#, fuzzy
@@ -8562,104 +8952,118 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8735,13 +9139,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8749,37 +9154,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -8854,24 +9254,3 @@ msgstr ""
#: include/override_homedir.xml:50
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
-
-#~ msgid ""
-#~ "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-#~ "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-#~ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#~ "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-#~ "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-#~ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#~ "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-#~ "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-#~ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
-#~ msgstr ""
-#~ "<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
-#~ "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
-#~ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#~ "<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
-#~ "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
-#~ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-#~ "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-#~ "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
-#~ "refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
diff --git a/src/man/po/de.po b/src/man/po/de.po
index c51b465d5..57a7e61d5 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:27+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: German <trans-de@lists.fedoraproject.org>\n"
@@ -26,7 +26,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "SSSD-Handbuchseite"
@@ -62,13 +62,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "BESCHREIBUNG"
@@ -83,7 +83,7 @@ msgstr ""
"Befehlszeile angegebenen Änderungen widerzuspiegeln."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -138,18 +138,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Dateiformate und Konventionen"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "die Konfigurationsdatei für SSSD"
@@ -224,26 +225,116 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "ERWEITERTE OPTIONEN"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "fügt den Debug-Nachrichten einen Zeitstempel hinzu"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Voreinstellung: »true«"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr "fügt dem Zeitstempel der Debug-Nachrichten Mikrosekunden hinzu"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Voreinstellung: »false«"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+"Zeitüberschreitung in Sekunden zwischen Herzschlägen dieses Dienstes. Dies "
+"dient dazu, sicherzustellen, dass ein Prozess läuft und in der Lage ist, "
+"Anfragen zu beantworten."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Voreinstellung: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "BESONDERE ABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "Der Abschnitt [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Abschnittsparameter"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -252,12 +343,12 @@ msgstr ""
"Version 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "Dienste"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -265,12 +356,18 @@ msgstr ""
"gestartet werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
+#, fuzzy
+#| msgid ""
+#| "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+#| "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+#| "condition=\"with_ssh\">, ssh</phrase> <phrase condition="
+#| "\"with_pac_responder\">, pac</phrase>"
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
"Unterstützte Dienste: nss, pam <phrase condition=\"with_sudo\">, sudo</"
"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
@@ -278,12 +375,12 @@ msgstr ""
"\">, pac</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -293,18 +390,18 @@ msgstr ""
"startet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Voreinstellung: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
#, fuzzy
msgid "domains"
msgstr "IPA-Domain"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -320,12 +417,12 @@ msgstr ""
"Gedankenstrichen und Unterstrichen bestehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -335,7 +432,7 @@ msgstr ""
"werden sollen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -347,12 +444,12 @@ msgstr ""
"unter DOMAIN-ABSCHNITTE."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -364,32 +461,32 @@ msgstr ""
"zusammengestellt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr "Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -398,7 +495,7 @@ msgstr ""
"direkt konfiguriert als auch über IPA-Trust"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -408,7 +505,7 @@ msgstr ""
# FIXME s/see/See/
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -418,12 +515,12 @@ msgstr ""
"ABSCHNITTE."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -437,7 +534,7 @@ msgstr ""
"abzufragen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -448,7 +545,7 @@ msgstr ""
"sollte diese Option auf »false« gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -457,7 +554,7 @@ msgstr ""
"»false« auf anderen Plattformen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -466,19 +563,19 @@ msgstr ""
"verfügbar ist, keine Auswirkungen haben."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -488,7 +585,7 @@ msgstr ""
"Ort für den Replay-Zwischenspeicher ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -497,13 +594,13 @@ msgstr ""
"(__LIBKRB5_DEFAULTS__, falls nicht konfiguriert)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (Zeichenkette)"
# FIXME s/is environments/are environments/
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -519,7 +616,7 @@ msgstr ""
"ihrem Benutzernamen ohne auch eine Domain anzugeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
@@ -529,15 +626,14 @@ msgstr ""
"benutzer@domain.name verwenden müssen."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Voreinstellung: nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -554,13 +650,13 @@ msgstr ""
"verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "DIENSTABSCHNITTE"
# FIXME s/</quote>/</quote>./
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -573,85 +669,22 @@ msgstr ""
"Abschnitt zum Beispiel <quote>[nss]</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (Ganzzahl)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (Boolesch)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "fügt den Debug-Nachrichten einen Zeitstempel hinzu"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Voreinstellung: »true«"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr "debug_microseconds (Boolesch)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr "fügt dem Zeitstempel der Debug-Nachrichten Mikrosekunden hinzu"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Voreinstellung: »false«"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (Ganzzahl)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-"Zeitüberschreitung in Sekunden zwischen Herzschlägen dieses Dienstes. Dies "
-"dient dazu, sicherzustellen, dass ein Prozess läuft und in der Lage ist, "
-"Anfragen zu beantworten."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Voreinstellung: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -667,17 +700,17 @@ msgstr ""
"Begrenzung in der »limit.conf« sein."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -689,18 +722,19 @@ msgstr ""
"des Systems blockiert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Voreinstellung: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr "force_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -714,14 +748,29 @@ msgstr ""
"Sekunden beendet, wird der Monitor sein Beenden durch Senden des Signals "
"SIGKILL erzwingen."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "force_timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "force_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "NSS-Konfigurationsoptionen"
# FIXME s/(NSS) /(NSS)/
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -729,13 +778,13 @@ msgstr ""
"benutzt werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (Ganzzahl)"
# FIXME s/users)/users)?/
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -744,17 +793,17 @@ msgstr ""
"über alle Nutzer) zwischenspeichern?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Voreinstellung: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -766,7 +815,7 @@ msgstr ""
"werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -783,7 +832,7 @@ msgstr ""
"Zwischenspeicheraktualisierung zu warten."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -796,17 +845,17 @@ msgstr ""
"Sekunden senken. (0 schaltet diese Funktionalität aus.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "Voreinstellung: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -818,17 +867,17 @@ msgstr ""
"Backend erneut gefragt wird)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Voreinstellung: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -841,17 +890,17 @@ msgstr ""
"von einer bestimmten Domain herauszufiltern."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Voreinstellung: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -859,12 +908,12 @@ msgstr ""
"setzen Sie diese Option auf »false«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -873,7 +922,7 @@ msgstr ""
"es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -881,55 +930,66 @@ msgstr ""
"»override_homedir«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
-#, no-wrap
+#: sssd.conf.5.xml:531
+#, fuzzy, no-wrap
+#| msgid ""
+#| "override_homedir = /home/%u\n"
+#| " "
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
"override_homedir = /home/%u\n"
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
"Verzeichnisse)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr "override_shell (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
-"setzt die Anmelde-Shell für alle Benutzer außer Kraft. Diese Option kann "
-"global im Abschnitt [nss] oder pro Domain angegeben werden."
+"Die Standard-Shell, die benutzt werden soll, falls der Anbieter während des "
+"Nachschlagens keine zurückliefert. Tritt sie in Kraft, ersetzt diese Option "
+"alle anderen Shell-Optionen. Sie kann entweder im Abschnitt [nss] oder pro "
+"Domain gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
"benutzen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr "allowed_shells (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -937,12 +997,12 @@ msgstr ""
"Reihenfolge der Auswertung ist:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -951,7 +1011,7 @@ msgstr ""
"shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -960,13 +1020,13 @@ msgstr ""
"steht, wird eine Nicht-Login-Shell benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Eine leere Zeichenkette als Shell wird so wie sie ist an Libc übergeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -975,28 +1035,28 @@ msgstr ""
"Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr "shell_fallback (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1004,21 +1064,25 @@ msgstr ""
"auf dem Rechner installiert ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "Voreinstellung: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
"Die Standard-Shell, die benutzt werden soll, falls der Anbieter während des "
"Nachschlagens keine zurückliefert. Tritt sie in Kraft, ersetzt diese Option "
@@ -1026,7 +1090,7 @@ msgstr ""
"Domain gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1036,13 +1100,13 @@ msgstr ""
"Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (Ganzzahl)"
# http://de.wikipedia.org/wiki/Domain_%28Internet%29
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1051,12 +1115,12 @@ msgstr ""
"gültig erachtet wird."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
@@ -1065,17 +1129,17 @@ msgstr ""
"Zwischenspeicher als gültig erachtet werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Voreinstellung: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr "PAM-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1084,12 +1148,12 @@ msgstr ""
"Authentication Module« (PAM) einzurichten."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1099,17 +1163,17 @@ msgstr ""
"erfolgreichen Anmeldung)?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Voreinstellung: 0 (unbegrenzt)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1118,12 +1182,12 @@ msgstr ""
"Authentifizierungsanbieter offline ist?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1133,7 +1197,7 @@ msgstr ""
"Anmeldeversuch möglich ist"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1145,17 +1209,17 @@ msgstr ""
"Authentifizierung reaktivieren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Voreinstellung: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1164,43 +1228,43 @@ msgstr ""
"angezeigt wird. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "Derzeit unterstützt SSSD folgende Werte:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: nur mitteilsame Nachrichten anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Voreinstellung: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1212,7 +1276,7 @@ msgstr ""
"neusten Informationen erfolgt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1226,17 +1290,17 @@ msgstr ""
"Abfragen der Identitätsanbieter zu vermeiden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr "zeigt N Tage bevor das Passwort abläuft eine Warnung."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1247,7 +1311,7 @@ msgstr ""
"SSSD keine Warnung anzeigen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1257,7 +1321,7 @@ msgstr ""
"automatisch angezeigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1266,28 +1330,28 @@ msgstr ""
"emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Voreinstellung: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr "Sudo-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
"Diese Optionen können zum Konfigurieren des Dienstes »sudo« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr "sudo_timed (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1297,23 +1361,23 @@ msgstr ""
"nicht."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr "AUTOFS-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
"Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1324,23 +1388,23 @@ msgstr ""
"nicht existierende), bevor das Backend erneut befragt wird."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr "SSH-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
"Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1349,12 +1413,12 @@ msgstr ""
"»known_hosts« zusammengemischt werden oder nicht."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1363,18 +1427,18 @@ msgstr ""
"»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr "Voreinstellung: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr "PAC-Responder-Konfigurationsoptionen"
# http://de.wikipedia.org/wiki/Domain_Controller
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1393,7 +1457,7 @@ msgstr ""
"ausgewertet wurde, werden einige der folgenden Transaktionen durchgeführt:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1411,7 +1475,7 @@ msgstr ""
"werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1420,18 +1484,18 @@ msgstr ""
"diesen Gruppen hinzugefügt."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1442,14 +1506,14 @@ msgstr ""
"beim Starten zu UIDs aufgelöst."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
"Responder gestattet.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1462,18 +1526,18 @@ msgstr ""
"der Liste der erlaubten UIDs auch die 0 hinzufügen."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "DOMAIN-ABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (Ganzzahl)"
# FIXME What ist »it« - the domain or the entry?
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1482,7 +1546,7 @@ msgstr ""
"enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1495,7 +1559,7 @@ msgstr ""
"werden jene, die im Bereich liegen, wie erwartet gemeldet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1504,17 +1568,17 @@ msgstr ""
"den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerate (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1523,23 +1587,23 @@ msgstr ""
"der folgenden Werte haben:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = keine Aufzählungen für diese Domain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Voreinstellung: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1559,7 +1623,7 @@ msgstr ""
"die Mitgliedschaften neu berechnet werden müssen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1569,7 +1633,7 @@ msgstr ""
"Ergebnisse zurück."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1584,7 +1648,7 @@ msgstr ""
"benutzten »id_provider«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1593,32 +1657,32 @@ msgstr ""
"insbesondere in großen Umgebungen, nicht empfohlen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr "Alle gefundenen vertrauenswürdigen Domains werden aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr "Es werden keine gefundenen vertrauenswürdigen Domains aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1632,17 +1696,17 @@ msgstr ""
"vertrauenswürdigen Domains aktivieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "Voreinstellung: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1651,17 +1715,28 @@ msgstr ""
"soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Voreinstellung: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1670,18 +1745,18 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr "Voreinstellung: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1690,12 +1765,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1704,12 +1779,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1718,12 +1793,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -1732,12 +1807,12 @@ msgstr ""
"bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -1747,12 +1822,12 @@ msgstr ""
"wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
@@ -1762,43 +1837,43 @@ msgstr ""
"Netzgruppen unterstützt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
"setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr "Voreinstellung: 0 (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher "
"zwischengespeichert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext "
"gespeichert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1811,17 +1886,17 @@ msgstr ""
"Parameters muss größer oder gleich »offline_credentials_expiration« sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Voreinstellung: 0 (unbegrenzt)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1834,17 +1909,17 @@ msgstr ""
"Authentifizierungsanbieter konfiguriert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -1852,17 +1927,17 @@ msgstr ""
"werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1873,8 +1948,8 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1887,8 +1962,8 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1900,12 +1975,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -1915,7 +1990,7 @@ msgstr ""
"Benutzers, der an NSS gemeldet wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1929,7 +2004,7 @@ msgstr ""
"test@LOCAL</command> würde ihn hingegen finden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1941,17 +2016,17 @@ msgstr ""
"durchsucht, wenn ein nicht qualifizierter Name abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1962,12 +2037,12 @@ msgstr ""
"verarbeitet werden, werden die Gruppenmitglieder nicht zurückgegeben."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1976,7 +2051,7 @@ msgstr ""
"Authentifizierungsanbieter werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1987,7 +2062,7 @@ msgstr ""
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1999,19 +2074,19 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "»none« deaktiviert explizit die Authentifizierung."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2020,13 +2095,13 @@ msgstr ""
"mit Authentifizierungsanfragen umgehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (Zeichenkette)"
# FIXME s/backends)/backends)./
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2037,7 +2112,7 @@ msgstr ""
"Backends enthalten sind). Interne Spezialanbieter sind:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2046,12 +2121,12 @@ msgstr ""
"für eine lokale Domain."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr "»deny« verweigert dem Zugriff immer."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2064,17 +2139,17 @@ msgstr ""
"simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "Voreinstellung: »permit«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr "chpass_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2083,7 +2158,7 @@ msgstr ""
"Folgende Anbieter von Passwortänderungen werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2095,7 +2170,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2107,19 +2182,19 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "»none« verbietet explizit Passwortänderungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2128,19 +2203,19 @@ msgstr ""
"kann mit Passwortänderungsanfragen umgehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr "sudo_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
"unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2151,24 +2226,38 @@ msgstr ""
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "»none« deaktiviert explizit Sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr "selinux_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2179,7 +2268,7 @@ msgstr ""
"Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2191,12 +2280,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2205,12 +2294,12 @@ msgstr ""
"kann SELinux-Ladeanfragen handhaben."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2220,7 +2309,7 @@ msgstr ""
"werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2232,17 +2321,17 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "»none« deaktiviert explizit das Abholen von Subdomains."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr "autofs_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2250,7 +2339,7 @@ msgstr ""
"»autofs« werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2262,7 +2351,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2274,17 +2363,17 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "»none« deaktiviert explizit »autofs«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr "hostid_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2293,7 +2382,7 @@ msgstr ""
"wird. Folgende Anbieter von »hostid« werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2305,12 +2394,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "»none« deaktiviert explizit »hostid«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2325,7 +2414,7 @@ msgstr ""
"(NetBIOS-) Namen der Domain entsprechen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2337,22 +2426,22 @@ msgstr ""
"P&lt;Name&gt;[^@\\\\]+)$))« "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr "Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr "Benutzername@Domain.Name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr "Domain\\Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2362,7 +2451,7 @@ msgstr ""
"Windows-Domains zu ermöglichen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2372,7 +2461,7 @@ msgstr ""
"bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2384,7 +2473,7 @@ msgstr ""
"eindeutig benannte Musterteile unterstützen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2393,17 +2482,17 @@ msgstr ""
"Beschriftungsmusterteile nur die Python-Syntax (?P&lt;Name&gt;)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Voreinstellung: »%1$s@%2$s«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2411,46 +2500,46 @@ msgstr ""
"ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "unterstützte Werte:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
"nachzuschlagen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
"nachzuschlagen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "Voreinstellung: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2462,18 +2551,18 @@ msgstr ""
"Offline-Modus arbeiten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Voreinstellung: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2482,27 +2571,27 @@ msgstr ""
"DNS-Dienstabfrage an."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr "override_gid (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr "überschreibt die Haupt-GID mit der angegebenen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -2511,17 +2600,17 @@ msgstr ""
"Im Moment wird diese Option nicht vom lokalen Anbieter unterstützt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr "Voreinstellung: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr "proxy_fast_alias (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2535,28 +2624,35 @@ msgstr ""
"veranlassen, die ID im Zwischenspeicher nachzuschlagen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr "flacher (NetBIOS-) Name einer Subdomain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
-msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+#: sssd.conf.5.xml:1821
+#, fuzzy
+#| msgid ""
+#| "Use this homedir as default value for all subdomains within this domain. "
+#| "See <emphasis>override_homedir</emphasis> for info about possible values. "
+#| "In addition to those, the expansion below can only be used with "
+#| "<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
"benutzt das Home-Verzeichnis als Standardwert für alle Subdomains innerhalb "
"dieser Domain. Informationen über mögliche Werte finden Sie unter "
@@ -2565,7 +2661,7 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -2573,17 +2669,17 @@ msgstr ""
"überschrieben werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr "realmd_tags (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -2591,7 +2687,7 @@ msgstr ""
"Kennzeichnungen"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2603,17 +2699,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr "das Proxy-Ziel, an das PAM weiterleitet"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2623,12 +2719,12 @@ msgstr ""
"hinzufügen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2639,7 +2735,7 @@ msgstr ""
"$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2648,13 +2744,13 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "Der Abschnitt lokale Domain"
# FIXME s/domain/domains/
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2665,29 +2761,29 @@ msgstr ""
"<replaceable>ID_Anbieter=lokal</replaceable> benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den "
"Benutzerbereich erstellt wurde."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Voreinstellung: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2696,17 +2792,17 @@ msgstr ""
"replaceable> und benutzen dies als Home-Verzeichnis."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "Voreinstellung: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2715,17 +2811,17 @@ msgstr ""
"werden soll; kann auf der Befehlszeile überschrieben werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Voreinstellung: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2734,12 +2830,12 @@ msgstr ""
"entfernt werden soll; kann auf der Befehlszeile überschrieben werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2750,17 +2846,17 @@ msgstr ""
"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Voreinstellung: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2773,17 +2869,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Voreinstellung: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2794,18 +2890,18 @@ msgstr ""
"wurde. Ist dies nicht angegeben wird ein Standardwert verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Voreinstellung: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (Zeichenkette)"
# FIXME s/us/is/
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2817,18 +2913,18 @@ msgstr ""
"berücksichtigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "BEISPIEL"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2882,7 +2978,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2899,6 +2995,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2941,8 +3042,8 @@ msgstr ""
"unter »ldap_access_filter«."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "KONFIGURATIONSOPTIONEN"
@@ -3054,8 +3155,8 @@ msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
"Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
@@ -3064,7 +3165,7 @@ msgstr ""
"rfc/rfc2254.txt spezifiziert, sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "Beispiele:"
@@ -3294,7 +3395,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "das LDAP-Attribut, das zu der Hauptgruppen-ID des Benutzers gehört"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr "Voreinstellung: gidNumber"
@@ -3359,7 +3460,7 @@ msgstr ""
"das LDAP-Attribut, das die UUID/GUID eines LDAP-Benutzerobjekts enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "Voreinstellung: nsUniqueId"
@@ -3379,7 +3480,7 @@ msgstr ""
"Dies wird normalerweise nur für Active-Directory-Server benötigt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
"Voreinstellung: objectSid für Active Directory, für andere Server nicht "
@@ -3391,7 +3492,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3400,7 +3501,7 @@ msgstr ""
"übergeordneten Objekt enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "Voreinstellung: modifyTimestamp"
@@ -3715,22 +3816,78 @@ msgstr "Voreinstellung: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Benutzers enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3743,12 +3900,12 @@ msgstr ""
"ungleich null, falls Sie einen Realm in Großbuchstaben wünschen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -3757,12 +3914,12 @@ msgstr ""
"Zwischenspeicher aufgezählter Datensätze aktualisiert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3773,58 +3930,57 @@ msgstr ""
"haben) und diese entfernt werden, um Platz zu sparen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Wird diese Option auf null gesetzt, wird das Aufräumen des Zwischenspeichers "
"deaktiviert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Voreinstellung: 10800 (12 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "Voreinstellung: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
"das LDAP-Attribut, das die Gruppenmitgliedschaften des Benutzers aufführt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr "Voreinstellung: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (Zeichenkette)"
# FIXME s/If/If using/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3835,7 +3991,7 @@ msgstr ""
"im LDAP-Eintrag den Benutzers nutzen, um die Zugriffsrechte zu bestimmen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3844,7 +4000,7 @@ msgstr ""
"SSSD eine explizite Erlaubnis (»svc«) und zuletzt nach »allow_all« (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3855,18 +4011,18 @@ msgstr ""
"»ldap_user_authorized_service« funktioniert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr "Voreinstellung: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (Zeichenkette)"
# FIXME s/If/If using/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3877,7 +4033,7 @@ msgstr ""
"verwenden, um die Zugriffsrechte zu bestimmen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3886,7 +4042,7 @@ msgstr ""
"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3897,78 +4053,78 @@ msgstr ""
"»ldap_user_authorized_host« funktioniert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr "Voreinstellung: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr "die Objektklasse eines Gruppeneintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "Voreinstellung: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr "das LDAP-Attribut, das dem Gruppennamen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "das LDAP-Attribut, das der Gruppen-ID entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "das LDAP-Attribut, das die UUID/GUID eines LDAP-Gruppenobjekts enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr "ldap_group_objectsid (Zeichenkette)"
# FIXME s/ActiveDirectory/Active Directory/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
@@ -3977,17 +4133,46 @@ msgstr ""
"wird normalerweise nur für Active-Directory-Server benötigt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+#, fuzzy
+#| msgid "The LDAP attribute that contains the names of the group's members."
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3999,17 +4184,17 @@ msgstr ""
"das Schema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "Voreinstellung: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4021,7 +4206,7 @@ msgstr ""
"beschleunigen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4031,7 +4216,7 @@ msgstr ""
"Leistungssteigerung."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4042,7 +4227,7 @@ msgstr ""
"»True« eigentlich »auto-detect«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4055,18 +4240,18 @@ msgstr ""
"aa746475%28v=vs.85%29.aspx\"> MSDN™-Dokumentation</ulink>."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr "Voreinstellung: False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4078,71 +4263,71 @@ msgstr ""
"verschachtelten Gruppen)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr "die Objektklasse eines Netzgruppeneintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt "
"werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr "Voreinstellung: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr "Voreinstellung: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4150,61 +4335,61 @@ msgstr ""
"enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "Voreinstellung: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"das LDAP-Attribut, das die UUID/GUID eines LDAP-Netzgruppenobjekts enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr "die Objektklasse eines Diensteintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr "Voreinstellung: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (Zeichenkette)"
# FIXME s/name/names/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4212,49 +4397,49 @@ msgstr ""
"das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr "Voreinstellung: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
"das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr "Voreinstellung: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4265,7 +4450,7 @@ msgstr ""
"Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4276,12 +4461,12 @@ msgstr ""
"Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4293,12 +4478,12 @@ msgstr ""
"(und in den Offline-Modus gegangen wird)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4315,13 +4500,13 @@ msgstr ""
"citerefentry> zurückkehrt, falls keine Aktivität stattfindet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (Ganzzahl)"
# KDC = Key Distribution Center (Schlüsselverwaltungszentrale)
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4333,12 +4518,12 @@ msgstr ""
"SASL-Bind mit der Schlüsselverwaltungszentrale (KDC) kommuniziert wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4352,17 +4537,17 @@ msgstr ""
"Lebensdauer) verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr "Voreinstellung: 900 (15 Minuten)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4372,17 +4557,17 @@ msgstr ""
"pro Anfrage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr "Voreinstellung: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4394,7 +4579,7 @@ msgstr ""
"deaktiviert ist oder sich nicht ordnungsgemäß verhält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4404,7 +4589,7 @@ msgstr ""
"aber nicht in der Lage, es zu benutzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4416,17 +4601,17 @@ msgstr ""
"abgelehnt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr "deaktiviert die Bereichsabfrage von Active Directory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4442,12 +4627,12 @@ msgstr ""
"es so aussehen, als ob große Gruppen keine Mitglieder hätten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4458,19 +4643,19 @@ msgstr ""
"Werte dieser Option werden durch OpenLDAP definiert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
"»ldap.conf« angegeben)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4482,7 +4667,7 @@ msgstr ""
"nachgeschlagen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -4490,7 +4675,7 @@ msgstr ""
"den Wert auf 0 setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4503,7 +4688,7 @@ msgstr ""
"unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4514,12 +4699,12 @@ msgstr ""
"Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4529,7 +4714,7 @@ msgstr ""
"Werte angegeben werden:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4538,7 +4723,7 @@ msgstr ""
"oder anfordern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4550,7 +4735,7 @@ msgstr ""
"Sitzung fährt normal fort."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4561,7 +4746,7 @@ msgstr ""
"ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4572,22 +4757,22 @@ msgstr ""
"sofort beendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "Voreinstellung: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4596,7 +4781,7 @@ msgstr ""
"die <command>sssd</command> erkennen wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4605,12 +4790,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4624,33 +4809,33 @@ msgstr ""
"Erstellen der korrekten Namen verwendet werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
"gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4662,12 +4847,12 @@ msgstr ""
"manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4676,12 +4861,12 @@ msgstr ""
"\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4693,7 +4878,7 @@ msgstr ""
"verlassen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
@@ -4701,12 +4886,12 @@ msgstr ""
# FIXME s/interger/integer/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4725,17 +4910,17 @@ msgstr ""
"Abbildung von IDs wählen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4744,12 +4929,12 @@ msgstr ""
"GSSAPI getestet und wird unterstützt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4764,17 +4949,17 @@ msgstr ""
"enthalten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4785,17 +4970,17 @@ msgstr ""
"»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr "Voreinstellung: der Wert von »krb5_realm«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -4805,34 +4990,34 @@ msgstr ""
"Bind in eine kanonische Form zu bringen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "Voreinstellung: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "gibt die Keytab an, wenn SASL/GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4843,28 +5028,28 @@ msgstr ""
"ausgewählte Mechnaismus GSSAPI ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
"gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Voreinstellung: 86400 (24 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4883,7 +5068,7 @@ msgstr ""
"Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4894,7 +5079,7 @@ msgstr ""
"Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4906,29 +5091,29 @@ msgstr ""
"migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "gibt den Kerberos-REALM an (für SASL/GSSAPI-Authentifizierung)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -4938,12 +5123,12 @@ msgstr ""
"Kerberos >= 1.7 verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4959,7 +5144,7 @@ msgstr ""
"manvolnum> </citerefentry> einrichten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4970,12 +5155,12 @@ msgstr ""
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -4984,7 +5169,7 @@ msgstr ""
"Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -4993,7 +5178,7 @@ msgstr ""
"kann keine Server-seitigen Passwortregelwerke deaktivieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5004,7 +5189,7 @@ msgstr ""
"manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5015,18 +5200,25 @@ msgstr ""
"»chpass_provider=krb5«, um diese Attribute zu aktualisieren, wenn das "
"Passwort geändert wurde."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5035,7 +5227,7 @@ msgstr ""
"mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5049,28 +5241,28 @@ msgstr ""
"merkliche Leistungsverbesserung bringen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "Voreinstellung: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5079,17 +5271,17 @@ msgstr ""
"soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5098,19 +5290,28 @@ msgstr ""
"Passwortänderung mit Unix-Zeit geändert wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
+#, fuzzy
+#| msgid ""
+#| "If using access_provider = ldap and ldap_access_order = filter (default), "
+#| "this option is mandatory. It specifies an LDAP search filter criteria "
+#| "that must be met for the user to be granted access on this host. If "
+#| "access_provider = ldap, ldap_access_order = filter and this option is not "
+#| "set, it will result in all users being denied access. Use "
+#| "access_provider = permit to change this default behavior."
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
"Falls »access_provider = ldap« und »ldap_access_order = filter« benutzt wird "
"(Voreinstellung), ist diese Option zwingend notwendig. Sie gibt das LDAP-"
@@ -5121,16 +5322,20 @@ msgstr ""
"»access_provider = permit«, um dieses Standardverhalten zu ändern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Beispiel:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
-#, no-wrap
+#: sssd-ldap.5.xml:1833
+#, fuzzy, no-wrap
+#| msgid ""
+#| "access_provider = ldap\n"
+#| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+#| " "
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
"access_provider = ldap\n"
@@ -5138,16 +5343,20 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
+#, fuzzy
+#| msgid ""
+#| "This example means that access to this host is restricted to members of "
+#| "the \"allowedusers\" group in ldap."
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
"Dieses Beispiel bedeutet, dass der Zugriff auf diesen Rechner auf Mitglieder "
"der Gruppe »allowedusers« in LDAP begrenzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5159,17 +5368,17 @@ msgstr ""
"Falls ja, wird weiterhin offline Zugriff gegeben und umgekehrt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr "Voreinstellung: leer"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5178,7 +5387,7 @@ msgstr ""
"Zugriffssteuerungsattribute aktiviert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5189,12 +5398,12 @@ msgstr ""
"einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "Die folgenden Werte sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5203,7 +5412,7 @@ msgstr ""
"»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5216,7 +5425,7 @@ msgstr ""
"gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5227,7 +5436,7 @@ msgstr ""
"Zugriff erlaubt wird oder nicht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5240,7 +5449,7 @@ msgstr ""
"Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5251,29 +5460,29 @@ msgstr ""
"»ldap_account_expire_policy« funktioniert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"durch Kommas getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
"sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5282,19 +5491,19 @@ msgstr ""
"»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
"ob Zugriff gewährt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Voreinstellung: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5303,12 +5512,12 @@ msgstr ""
"mehr als einmal benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5317,12 +5526,12 @@ msgstr ""
"folgenden Optionen sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5332,7 +5541,7 @@ msgstr ""
"Suche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5341,7 +5550,7 @@ msgstr ""
"der Suche dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5350,7 +5559,7 @@ msgstr ""
"Orten des Basisobjekts der Suche dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5359,12 +5568,12 @@ msgstr ""
"<emphasis>never</emphasis> gehandhabt.)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -5373,7 +5582,7 @@ msgstr ""
"beizubehalten, die das Schema RFC2307 benutzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5391,7 +5600,7 @@ msgstr ""
"getpw*() oder initgroups() abzurufen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5417,57 +5626,57 @@ msgstr ""
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr "SUDO-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr "Voreinstellung: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr "Voreinstellung: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5476,17 +5685,17 @@ msgstr ""
"Netzwerk oder des Netzwerkgruppe des Rechners) entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr "Voreinstellung: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5495,32 +5704,32 @@ msgstr ""
"oder der Netzwerkgruppe des Benutzers) entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr "Voreinstellung: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr "Voreinstellung: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -5529,17 +5738,17 @@ msgstr ""
"ausgeführt werden können"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr "Voreinstellung: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5548,17 +5757,17 @@ msgstr ""
"worunter Befehle ausgeführt werden können"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr "Voreinstellung: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -5567,17 +5776,17 @@ msgstr ""
"Sudo-Regel gültig wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr "Voreinstellung: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -5586,32 +5795,32 @@ msgstr ""
"der die Sudo-Regel nicht länger gültig ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr "Voreinstellung: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr "Voreinstellung: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -5622,7 +5831,7 @@ msgstr ""
# FIXME s# </emphasis>#</emphasis>#
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5631,17 +5840,17 @@ msgstr ""
"emphasis> sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr "Voreinstellung: 21600 (6 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5652,7 +5861,7 @@ msgstr ""
"höchste USN der zwischengespeicherten Regeln haben, heruntergeladen werden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -5661,12 +5870,12 @@ msgstr ""
"das Attribut »modifyTimestamp« benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -5676,12 +5885,12 @@ msgstr ""
"Netzwerkadressen und Rechnernamen)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5690,7 +5899,7 @@ msgstr ""
"Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -5699,8 +5908,8 @@ msgstr ""
"voll qualifizierten Domain-Namen automatisch herauszufinden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5709,17 +5918,17 @@ msgstr ""
"emphasis> ist, hat diese Option keine Auswirkungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr "Voreinstellung: nicht angegeben"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5728,7 +5937,7 @@ msgstr ""
"Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5737,12 +5946,12 @@ msgstr ""
"herauszufinden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -5751,12 +5960,12 @@ msgstr ""
"eine Netzgruppe im Attribut »sudoHost« enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -5765,12 +5974,7 @@ msgstr ""
"einen Platzhalter im Attribut »sudoHost« enthält."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5783,12 +5987,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
@@ -5797,47 +6001,68 @@ msgstr ""
"entsprechen. "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_autofs_map_name (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_autofs_map_name (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+#, fuzzy
+#| msgid "The name of an automount map entry in LDAP."
+msgid "The name of the automount master map in LDAP."
+msgstr "der Name eines Automount-Abbildungseintrags in LDAP"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: sudoUser"
+msgid "Default: auto.master"
+msgstr "Voreinstellung: sudoUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr "Voreinstellung: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr "der Name eines Automount-Abbildungseintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr "Voreinstellung: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -5846,22 +6071,28 @@ msgstr ""
"Eintrag einem Einhängepunkt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr "Voreinstellung: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
+#, fuzzy
+#| msgid ""
+#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+#| "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+#| "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+#| "\"variablelist\" id=\"4\"/>"
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5869,102 +6100,37 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "ERWEITERTE OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr "ldap_user_search_filter (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-"Diese Option gibt ein zusätzliches LDAP-Suchfilterkriterium an, das die "
-"Benutzersuche einschränkt."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-"Diese Option ist zugunsten von der durch »ldap_user_search_base« benutzten "
-"Syntax <emphasis>missbilligt</emphasis>."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-"Dieser Filter würde die Benutzersuche auf Benutzer beschränken, deren Shell "
-"auf /bin/tcsh gesetzt ist."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr "ldap_group_search_filter (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-"Diese Option gibt ein zusätzliches LDAP-Suchfilterkriterium an, das "
-"Gruppensuchen einschränkt."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-"Diese Option ist <emphasis>missbilligt</emphasis> zugunsten von der durch "
-"»ldap_group_search_base« benutzten Syntax."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5975,7 +6141,7 @@ msgstr ""
"falls Sie wissen, was Sie tun. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5986,7 +6152,7 @@ msgstr ""
"gesetzt ist."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -6006,20 +6172,20 @@ msgstr ""
" cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ANMERKUNGEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6053,13 +6219,21 @@ msgstr "PAM-Modul für SSSD"
# FIXME s/<replaceable>/<literal>
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -6069,7 +6243,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6081,22 +6255,22 @@ msgstr ""
"Fertigkeit LOG_AUTHPRIV protokolliert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr "unterdrückt Protokollnachrichten für unbekannte Benutzer"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6106,12 +6280,12 @@ msgstr ""
"es nutzen können."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6123,12 +6297,12 @@ msgstr ""
"ungeeignet ist, wird dem Benutzer der Zugriff verwehrt."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6138,12 +6312,12 @@ msgstr ""
"bereitgestellt wird."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6152,7 +6326,7 @@ msgstr ""
"gefragt, falls die Authentifizierung fehlschlägt. Voreinstellung ist 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6163,13 +6337,27 @@ msgstr ""
"selbst abwickelt. Ein typisches Beispiel ist <command>sshd</command> mit "
"<option>PasswordAuthentication</option>."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "BEREITGESTELLTE MODULTYPEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6179,12 +6367,12 @@ msgstr ""
"bereitgestellt."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "DATEIEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6196,7 +6384,7 @@ msgstr ""
"Anweisungen enthalten, wie ein Passwort zurückgesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6216,7 +6404,7 @@ msgstr ""
"Leserechte haben dürfen."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6231,9 +6419,29 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
# Fixme: missing period at the end of the section
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
+#, fuzzy
+#| msgid ""
+#| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> "
+#| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the "
+#| "Kerberos libraries what Realm and which KDC to use. Typically this is "
+#| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+#| "Kerberos libraries. To simplify the configuration the Realm and the KDC "
+#| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+#| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>"
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
@@ -6244,7 +6452,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
"Die Kerberos-Locator-Erweiterung <command>sssd_krb5_locator_plugin</command> "
@@ -6425,7 +6633,7 @@ msgstr ""
"Lokale Gruppen werden nicht ausgewertet."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6486,6 +6694,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -6611,7 +6824,7 @@ msgstr ""
"zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (Boolesch)"
@@ -6631,7 +6844,7 @@ msgstr ""
"»dyndns_iface« keine andere angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6653,12 +6866,12 @@ msgstr ""
"Konfigurationsdatei migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6687,12 +6900,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Voreinstellung: 1200 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -6724,7 +6937,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
@@ -6749,12 +6962,12 @@ msgstr ""
"gefundenen als Sicherungsserver."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6765,12 +6978,12 @@ msgstr ""
"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6795,12 +7008,12 @@ msgid "Default: False (disabled)"
msgstr "Voreinstellung: False (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -6809,7 +7022,7 @@ msgstr ""
"DNS-Server verwenden soll"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
@@ -6843,7 +7056,7 @@ msgstr ""
"Rechnerobjekte"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -6851,76 +7064,64 @@ msgstr ""
"Informationen über das Konfigurieren mehrerer Suchgrundlagen finden Sie "
"unter »ldap_search_base«."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-"Falls in irgendeiner der Suchgrundlagen ein Filter angegeben wurde und "
-"<emphasis>ipa_hbac_support_srchost</emphasis> auf »False« gesetzt ist, wird "
-"der Filter ignoriert."
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
"SELinux-Benutzerabbildungen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
"vertrauenswürdige Domains"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das "
"Master-Domain-Objekt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6928,7 +7129,7 @@ msgstr ""
"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6937,7 +7138,7 @@ msgstr ""
"Kerberos-Anbieters unterscheidet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -6946,7 +7147,7 @@ msgstr ""
"Wert von »ipa_domain«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -6956,7 +7157,7 @@ msgstr ""
"zu verwenden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6967,12 +7168,76 @@ msgstr ""
"Funktionalität ist mit Kerberos >= 1.7 verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr "krb5_use_fast (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+"Schaltet das flexible Authentifizierungs-Sicherheits-Tunneln (FAST) für die "
+"Vorauthentifizierung von Kerberos ein. Die folgenden Optionen werden "
+"unterstützt:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:405
+#, fuzzy
+#| msgid "<emphasis>h</emphasis> for hours"
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr "<emphasis>h</emphasis> für Stunden"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+#, fuzzy
+#| msgid ""
+#| "<emphasis>try</emphasis> to use FAST. If the server does not support "
+#| "FAST, continue the authentication without it."
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+"<emphasis>try</emphasis>: Es wird versucht, FAST zu benutzen. Falls der "
+"Server kein FAST unterstützt, fährt die Authentifizierung ohne fort."
+
+# FIXME s/fast/FAST/
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+"<emphasis>demand</emphasis>: Fragt nach, ob FAST benutzt werden soll. Die "
+"Authentifizierung schlägt fehl, falls der Server kein FAST erfordert."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Voreinstellung: »true«"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+"HINWEIS: SSSD unterstützt FAST nur mit MIT-Kerberos-Version 1.8 und neuer. "
+"Falls SSSD mit einer älteren Version von MIT-Kerberos benutzt wird, ist die "
+"Verwendung dieser Option ein Konfigurationsfehler."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:405
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6983,17 +7248,17 @@ msgstr ""
"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr "Voreinstellung: 5 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -7004,12 +7269,12 @@ msgstr ""
"viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7023,7 +7288,7 @@ msgstr ""
"Übergangszeit zwei Modi unterstützen:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7032,7 +7297,7 @@ msgstr ""
"werden, wird allen Benutzern der Zugriff verwehrt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7042,47 +7307,23 @@ msgstr ""
"Tor öffnen kann."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr "Voreinstellung: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr "ipa_hbac_support_srchost (Boolesch)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-"Falls dies auf »false« gesetzt ist, wird »srchost«, das durch PAM an SSSD "
-"übergeben wurde, ignoriert."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-"Beachten Sie, dass diese Option, falls sie auf <emphasis>False</emphasis> "
-"gesetzt ist, veranlasst, dass in <emphasis>ipa_host_search_base</emphasis> "
-"angegebene Filter ignoriert werden."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
"Diese Option sollte nur durch das IPA-Installationsprogramm gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
@@ -7092,295 +7333,27 @@ msgstr ""
"durchgeführt werden sollte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr "Voreinstellung: der Ort namens »default«"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr "ipa_netgroup_member_of (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr "das LDAP-Attribut, das die Netzgruppenmitgliedschaften aufführt"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr "ipa_netgroup_member_user (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-"das LDAP-Attribut, das die Systembenutzer und Gruppen aufführt, die direkte "
-"Mitglieder der Netzgruppe sind"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr "Voreinstellung: memberUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr "ipa_netgroup_member_host (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-"das LDAP-Attribut, das Rechner und Rechnergruppen aufführt, die direkte "
-"Mitglieder der Netzgruppe sind"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr "Voreinstellung: memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr "ipa_netgroup_member_ext_host (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-"das LDAP-Attribut, das FQDNs von Rechnern und Rechnergruppen aufführt, die "
-"direkte Mitglieder der Netzgruppe sind"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr "Voreinstellung: externalHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr "ipa_netgroup_domain (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr "das LDAP-Attribut, das den NIS-Domain-Namen der Netzgruppe enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr "Voreinstellung: nisDomainName"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr "ipa_host_object_class (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr "die Objektklasse eines Rechnereintrags in LDAP"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr "Voreinstellung: ipaHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr "ipa_host_fqdn (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr "das LDAP-Attribut, das den FQDN des Rechners enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr "Voreinstellung: fqdn"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ipa_selinux_usermap_object_class (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr "ipa_selinux_usermap_name (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "das LDAP-Attribut, das den Namen der SELinux-Benutzerabbildung enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_selinux_usermap_member_user (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-"das LDAP-Attribut, das alle Benutzer/Gruppen enthält, auf die diese Regel "
-"passt"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_selinux_usermap_member_host (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-"das LDAP-Attribut, das alle Rechner/Rechnergruppen enthält, auf die diese "
-"Regel passt"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_selinux_usermap_see_also (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-"das LDAP-Attribut, das DNs von HBAC-Regeln enthält, die anstelle von "
-"»memberUser« und »memberHost« zum Abgleich benutzt werden können"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr "Voreinstellung: seeAlso"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_selinux_usermap_selinux_user (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "das LDAP-Attribut, das die SELinux-Benutzerzeichenkette selbst enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr "Voreinstellung: ipaSELinuxUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ipa_selinux_usermap_enabled (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-"das LDAP-Attribut, das besagt, ob die Benutzerabbildung zur Verwendung "
-"aktiviert ist oder nicht"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr "Voreinstellung: ipaEnabledFlag"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ipa_selinux_usermap_user_category (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr "das LDAP-Attribut, das die Benutzerkategorie wie etwa »alle« enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr "Voreinstellung: userCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_selinux_usermap_host_category (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "das LDAP-Attribut, das die Rechnerkategorie wie etwa »alle« enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr "Voreinstellung: hostCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ipa_selinux_usermap_uuid (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "das LDAP-Attribut, das die eindeutige ID der Benutzerabbildung enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr "Voreinstellung: ipaUniqueID"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_host_ssh_public_key (Zeichenkette)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Rechners enthält"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr "Voreinstellung: ipaSshPubKey"
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr "ANBIETER VON UNTER-DOMAINS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7389,7 +7362,7 @@ msgstr ""
"ob er explizit oder implizit konfiguriert wurde."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7400,7 +7373,7 @@ msgstr ""
"und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7419,7 +7392,7 @@ msgstr ""
"online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7431,7 +7404,7 @@ msgstr ""
"Optionen von IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7449,6 +7422,13 @@ msgstr ""
msgid "sssd-ad"
msgstr "sssd-ad"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+#, fuzzy
+#| msgid "Disable Active Directory range retrieval."
+msgid "SSSD Active Directory provider"
+msgstr "deaktiviert die Bereichsabfrage von Active Directory"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -7513,9 +7493,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:62
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access and chpass provider. No "
+#| "configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
"Es ist jedoch weder nötig noch empfohlen, diese Optionen zu setzen. Der AD-"
@@ -7535,14 +7520,25 @@ msgstr ""
# FIXME s/Users/.Users/
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:68
+#, fuzzy
+#| msgid ""
+#| "By default, the AD provider will map UID and GID values from the "
+#| "objectSID parameter in Active Directory. For details on this, see the "
+#| "<quote>ID MAPPING</quote> section below. If you want to disable ID "
+#| "mapping and instead rely on POSIX attributes defined in Active Directory, "
+#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> Users, "
+#| "groups and other entities served by SSSD are always treated as case-"
+#| "insensitive in the AD provider for compatibility with Active Directory's "
+#| "LDAP implementation."
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
msgstr ""
"Standardmäßig wird der AD-Anbieter UID- und GID-Werte vom Parameter "
"»objectSID« in Active Directory abbilden. Einzelheiten darüber erfahren Sie "
@@ -7554,13 +7550,21 @@ msgstr ""
"Kompatibilität mit der LDAP-Implementierung von Active Directory nicht "
"berücksichtigt."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr "ad_domain (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -7569,7 +7573,7 @@ msgstr ""
"nicht angegeben, wird der Name der konfigurierten Domain benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -7579,7 +7583,7 @@ msgstr ""
"angegeben werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -7588,12 +7592,12 @@ msgstr ""
"SSSD automatisch ermittelt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -7608,12 +7612,12 @@ msgstr ""
"optional. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr "ad_hostname (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7624,7 +7628,7 @@ msgstr ""
"werden, um sie zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -7634,12 +7638,12 @@ msgstr ""
"ausgegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7656,8 +7660,173 @@ msgstr ""
"wird ebenfalls einschließlich der Domain zur Aufdeckung bei der Site-"
"Aufdeckung verwendet."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "ad_access_filter (string)"
+msgstr "ldap_access_filter (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: Not set"
+msgstr "Voreinstellung: nicht gesetzt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_enable_dns_sites (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "ad_enable_dns_sites (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "ldap_access_order (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: ipService"
+msgid "Default: permissive"
+msgstr "Voreinstellung: ipService"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7675,22 +7844,22 @@ msgstr ""
"»dyndns_iface« angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr "Voreinstellung: 3600 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "Voreinstellung: verwendet die IP-Adresse der AD-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -7700,7 +7869,7 @@ msgstr ""
"Abschnitt 5 von RFC 6806."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7712,7 +7881,7 @@ msgstr ""
"Optionen von AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7736,7 +7905,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7748,7 +7917,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7759,7 +7928,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -7845,13 +8014,34 @@ msgstr ""
"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> finden."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr "SSSD zum Abrufen von Sudo-Regeln konfigurieren"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
@@ -7860,7 +8050,7 @@ msgstr ""
"Regeln von einem LDAP-Server herunterlädt."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -7886,23 +8076,28 @@ msgstr ""
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
+#, fuzzy
+#| msgid ""
+#| "When the SSSD is configured to use the IPA provider, the sudo provider is "
+#| "automatically enabled. The sudo search base is configured to use the "
+#| "compat tree (ou=sudoers,$DC)."
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
"Wenn SSSD zur Verwendung eines IPA-Anbieters konfiguriert wurde, ist der "
"Sudo-Anbieter automatisch aktiviert. Die Suchgrundlage von Sudo ist so "
"konfiguriert, dass sie den Compat-Verzeichnisbaum benutzt (ou=sudoers,$DC)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr "Der Zwischenspeichermechanismus für Sudo-Regeln"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -7920,7 +8115,7 @@ msgstr ""
"Aktualisieren und Regelaktualisierung bezeichnet."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -7934,7 +8129,7 @@ msgstr ""
"erzeugen."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -7952,7 +8147,7 @@ msgstr ""
"Regeln ausgeführt werden."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -7971,7 +8166,7 @@ msgstr ""
"(die für andere Benutzer gelten) gelöscht wurden."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -7982,37 +8177,37 @@ msgstr ""
"im Attribut <emphasis>sudoHost</emphasis> enthalten:"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr "Schlüsselwort ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr "Platzhalter"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr "Netzgruppe (in der Form »+Netzgruppe«)"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr "Rechnername oder voll qualifizierter Domain-Namen dieser Maschine"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr "eine der IP-Adressen dieser Maschine"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr "eine der IP-Adressen des Netzwerks (in der Form »Adresse/Maske«)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -8241,6 +8436,19 @@ msgstr ""
"teilt SSSD mit, dass es sofort online gehen soll. Dies ist meist zu "
"Testzwecken nützlich."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+#| "debug messages will be sent to stderr."
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+"Falls die Umgebungsvariable SSSD_KRB5_LOCATOR_DEBUG auf irgendeinen Wert "
+"gesetzt ist, werden Debug-Nachrichten an »stderr« gesandt."
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -8569,6 +8777,13 @@ msgstr ""
msgid "sssd-krb5"
msgstr "sssd-krb5"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+#, fuzzy
+#| msgid "Kerberos realm"
+msgid "SSSD Kerberos provider"
+msgstr "Kerberos Realm"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -8711,116 +8926,105 @@ msgstr "krb5_ccachedir (Zeichenkette)"
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
-msgstr ""
-"Verzeichnis, in dem Berechtigungszwischenspeicher abgelegt werden. Hier "
-"können auch alle Ersetzungssequenzen von »krb5_ccname_template« benutzt "
-"werden, außer %d und %P. Falls das Verzeichnis nicht existiert, wird es "
-"erstellt. Falls %u, %U, %p oder %h benutzt werden, wird ein privates "
-"Verzeichnis, das dem Benutzer gehört, erstellt. Andernfalls wird ein "
-"öffentliches Verzeichnis mit einem Schalter für eingeschränktes Löschen "
-"(auch bekannt als Sticky-Bit, detailliert beschrieben unter <citerefentry> "
-"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
-"citerefentry>) erstellt."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "Voreinstellung: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (Zeichenkette)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "Anmeldename"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr "Anmelde-UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr "Principal-Name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr "Realm-Name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr "%h"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
#, fuzzy
msgid "home directory"
msgstr "Bneutzerverzeichnis"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+#, fuzzy
+#| msgid "value of krb5ccache_dir"
+msgid "value of krb5_ccachedir"
msgstr "Wert von »krb5ccache_dir«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr "%P"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr "die Prozess-ID des SSSD-Clients"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr "ein buchstäbliches »%«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -8841,7 +9045,7 @@ msgstr ""
"auf eine sichere Art verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -8855,7 +9059,7 @@ msgstr ""
"berechenbarste Methode darstellt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -8871,17 +9075,17 @@ msgstr ""
"»krb5.conf(5)«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
msgid "Default: (from libkrb5)"
msgstr "Voreinstellung: (von »libkrb5«)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -8892,7 +9096,7 @@ msgstr ""
"die Authentifizierung offline fortgesetzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -8910,12 +9114,12 @@ msgstr ""
"Eintrag als letzter oder einziger Eintrag in der Keytab-Datei abgelegt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
@@ -8924,17 +9128,17 @@ msgstr ""
"benutzt wird, die von Schlüsselverwaltungszentralen (KDCs) stammen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "Voreinstellung: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
@@ -8943,7 +9147,7 @@ msgstr ""
"benutzt es zur Abfrage des TGTs, wenn der Anbieter wieder online geht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -8955,12 +9159,12 @@ msgstr ""
"Benutzer Root zugegriffen werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
@@ -8969,33 +9173,33 @@ msgstr ""
"Ganzzahl, der direkt eine Zeiteinheit folgt, angegeben:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr "<emphasis>s</emphasis> für Sekunden"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr "<emphasis>m</emphasis> für Minuten"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr "<emphasis>h</emphasis> für Stunden"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr "<emphasis>d</emphasis> für Tage"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
@@ -9005,17 +9209,17 @@ msgstr ""
"»1h30m«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr "Voreinstellung: nicht gesetzt, d.h. das TGT ist nicht erneuerbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
@@ -9025,13 +9229,13 @@ msgstr ""
# FIXME s/given/given,/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
@@ -9040,7 +9244,7 @@ msgstr ""
"eineinhalb Stunden zu setzen, verwenden Sie »90m« statt »1h30m«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
@@ -9048,12 +9252,12 @@ msgstr ""
"der Schlüsselverwaltungszentrale (KDC)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr "krb5_renew_interval (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -9065,29 +9269,14 @@ msgstr ""
"folgt, angegeben:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
"Falls diese Option nicht oder auf 0 gesetzt ist, wird die automatische "
"Erneuerung deaktiviert."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr "krb5_use_fast (Zeichenkette)"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-"Schaltet das flexible Authentifizierungs-Sicherheits-Tunneln (FAST) für die "
-"Vorauthentifizierung von Kerberos ein. Die folgenden Optionen werden "
-"unterstützt:"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
@@ -9096,7 +9285,7 @@ msgstr ""
"Einstellung gar nicht gemacht würde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
@@ -9104,49 +9293,28 @@ msgstr ""
"<emphasis>try</emphasis>: Es wird versucht, FAST zu benutzen. Falls der "
"Server kein FAST unterstützt, fährt die Authentifizierung ohne fort."
-# FIXME s/fast/FAST/
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-"<emphasis>demand</emphasis>: Fragt nach, ob FAST benutzt werden soll. Die "
-"Authentifizierung schlägt fehl, falls der Server kein FAST erfordert."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr "HINWEIS: Zur Benutzung von FAST ist eine Keytab erforderlich."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-"HINWEIS: SSSD unterstützt FAST nur mit MIT-Kerberos-Version 1.8 und neuer. "
-"Falls SSSD mit einer älteren Version von MIT-Kerberos benutzt wird, ist die "
-"Verwendung dieser Option ein Konfigurationsfehler."
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr "gibt den Server Principal zur Benutzung von FAST an."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
@@ -9156,8 +9324,10 @@ msgstr ""
"Versionen verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+#, fuzzy
+#| msgid "Default: false (AD provide: true)"
+msgid "Default: false (AD provider: true)"
msgstr "Voreinstellung: false (AD-Bereitstellung: true)"
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9177,7 +9347,7 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -9190,7 +9360,7 @@ msgstr ""
"keine Identitätsanbieter."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -9879,6 +10049,235 @@ msgstr ""
"(64 Byte auf Systemen ohne global definiertem Wert für PASS_MAX)."
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Diese Handbuchseite beschreibt die Konfiguration des IPA-Anbieters für "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
+"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+"gibt die durch Kommas getrennte Liste von UID-Werten oder Benutzernamen an, "
+"denen der Zugriff auf den PAC-Responder erlaubt ist. Benutzernamen werden "
+"beim Starten zu UIDs aufgelöst."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
+"Responder gestattet.)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "Please note that although the UID 0 is used as the default it will be "
+#| "overwritten with this option. If you still want to allow the root user to "
+#| "access the PAC responder, which would be the typical case, you have to "
+#| "add 0 to the list of allowed UIDs as well."
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+"Bitte beachten Sie, dass, obwohl die UID 0 als Voreinstellung benutzt wird, "
+"diese Option sie überschriebt. Falls Sie weiterhin dem Benutzer Root Zugriff "
+"auf den PAC-Responder gewähren möchten, was der Normalfall ist, müssen Sie "
+"der Liste der erlaubten UIDs auch die 0 hinzufügen."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_authorized_host (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+#, fuzzy
+#| msgid "username"
+msgid "name"
+msgstr "Benutzername"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "Anmeldename"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "uidNumber"
+msgstr "Voreinstellung: uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+#, fuzzy
+#| msgid "user name"
+msgid "user ID"
+msgstr "Benutzername"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+#, fuzzy
+#| msgid "Default: gidNumber"
+msgid "gidNumber"
+msgstr "Voreinstellung: gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+msgid "homeDirectory"
+msgstr "Bneutzerverzeichnis"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Login shell"
+msgid "loginShell"
+msgstr "Anmelde-Shell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+#, fuzzy
+#| msgid "user name"
+msgid "user shell"
+msgstr "Benutzername"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
+"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
+"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+#, fuzzy
+#| msgid ""
+#| "Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+"Voreinstellung: nicht gesetzt, d.h. die Standardlebenszeit des Tickets auf "
+"der Schlüsselverwaltungszentrale (KDC)"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr "sss_ssh_authorizedkeys"
@@ -10122,7 +10521,7 @@ msgstr ""
"unterstützt."
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "Konfiguration"
@@ -10325,13 +10724,55 @@ msgstr ""
"automatisch und manuell zugewiesenen Werten zu vermeiden. Falls Sie manuell "
"zugewiesene Werte benutzen müssen, müssen Sie ALLE Werte manuell zuweisen."
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr "Abbildungsalgorithmus"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -10344,7 +10785,7 @@ msgstr ""
"Bezeichner (RID) des Benutzer- oder Gruppenobjekts darstellen."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -10355,7 +10796,7 @@ msgstr ""
"steht für den verfügbaren Speicher einer Active-Directory-Domain."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -10369,7 +10810,7 @@ msgstr ""
"Algorithmus basiert:"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -10380,7 +10821,7 @@ msgstr ""
"Gesamtzahl verfügbarer Slices genommen, um den Slice auszusuchen."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -10403,13 +10844,13 @@ msgstr ""
"finden Sie unter »Konfiguration«."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr "Minimalkonfiguration (im Abschnitt »[domain/DOMAINNAME]«):"
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -10419,7 +10860,7 @@ msgstr ""
"ldap_schema = ad\n"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -10431,17 +10872,17 @@ msgstr ""
"meisten Bereitstellungen ausreichen."
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr "Fortgeschrittene Konfiguration"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr "ldap_idmap_range_min (Ganzzahl)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10450,7 +10891,7 @@ msgstr ""
"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -10465,17 +10906,17 @@ msgstr ""
"kleiner oder gleich »ldap_idmap_range_min« sein sollte."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr "Voreinstellung: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr "ldap_idmap_range_max (Ganzzahl)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10484,7 +10925,7 @@ msgstr ""
"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -10499,17 +10940,17 @@ msgstr ""
"größer oder gleich »ldap_idmap_range_max« sein sollte."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr "Voreinstellung: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr "ldap_idmap_range_size (Ganzzahl)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
@@ -10519,13 +10960,37 @@ msgstr ""
"Bereichsgröße nicht gleichmäßig in die minimalen und maximalen Werte teilen "
"lässt, werden so viele komplette Slices wie möglich erstellt."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (Zeichenkette)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10536,22 +11001,22 @@ msgstr ""
"der oben beschriebene Murmurhash-Algorithmus umgangen."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (Zeichenkette)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr "gibt den Namen der Standard-Domain an."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (Boolesch)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -10562,7 +11027,7 @@ msgstr ""
# FIXME s/monatomically/monotonically/
# http://www.canoo.net/services/GermanSpelling/Regeln/Gross-klein/Zahlen.html
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -10571,7 +11036,7 @@ msgstr ""
"null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10586,6 +11051,77 @@ msgstr ""
"»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass "
"mindestens eine Domain beständig für den Slice null reserviert ist."
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -10604,110 +11140,153 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
-"Bit-Maske, die anzeigt, welche Debug-Stufen sichtbar sein werden. 0x0010 ist "
-"sowohl der Vorgabewert als auch der niedrigste erlaubte Wert, 0xFFF0 ist der "
-"Modus mit der detailreichsten Ausgabe. Diese Einstellung setzt die "
-"Einstellungen aus der Konfigurationsdatei außer Kraft."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr "derzeit unterstützte Debug-Stufen:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+#| "SSSD from starting up or causes it to cease running."
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
"<emphasis>0x0010</emphasis>: fatale Fehler. Alles, was SSSD am Starten "
"hindern oder zum Enden führen würde"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't "
+#| "kill the SSSD, but one that indicates that at least one major feature is "
+#| "not going to work properly."
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
"<emphasis>0x0020</emphasis>: kritische Fehler. Ein Fehler, der den SSSD "
"nicht beenden würde, der aber anzeigt, dass mindestens eine "
"Hauptfunktionalität nicht ordnungsgemäß laufen würde."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+#| "particular request or operation has failed."
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
"<emphasis>0x0040</emphasis>: schwerwiegende Fehler. Ein Fehler, der bekannt "
"gibt, dass eine bestimmte Anfrage oder Transaktion fehlgeschlagen ist."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that "
+#| "would percolate down to cause the operation failure of 2."
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
"<emphasis>0x0080</emphasis>: nebensächliche Fehler. Dies sind die Fehler, "
"die sich ausbreiten, um den Transaktionsfehler von 2 zu verursachen."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+#, fuzzy
+#| msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr "<emphasis>0x0100</emphasis>: Konfigurationseinstellungen"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+#, fuzzy
+#| msgid "<emphasis>0x0200</emphasis>: Function data."
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr "<emphasis>0x0200</emphasis>: Funktionsdaten"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+#, fuzzy
+#| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
"<emphasis>0x0400</emphasis>: Verfolgungsnachrichten von "
"Transaktionsfunktionen"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x1000</emphasis>: Trace messages for internal control "
+#| "functions."
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
"<emphasis>0x1000</emphasis>: Verfolgungsnachrichten für interne "
"Steuerfunktionen"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+#| "may be interesting."
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
"<emphasis>0x2000</emphasis>: Inhalt möglicherweise interessanter "
"funktionsinterner Variablen"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
"<emphasis>0x4000</emphasis>: Verfolgungsinformationen auf extrem niediger "
"Ebene"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
+#, fuzzy
+#| msgid ""
+#| "To log required debug levels, simply add their numbers together as shown "
+#| "in following examples:"
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
"Um die benötigten Debug-Stufen zu protokollieren, fügen Sie einfach, wie in "
"den folgenden Beispielen gezeigt, ihre Nummern hinzu:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
@@ -10716,7 +11295,7 @@ msgstr ""
"und Funktionsdaten zu protokollieren, benutzen Sie 0x0270."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
@@ -10726,15 +11305,26 @@ msgstr ""
"interne Steuerfunktionen zu protokollieren, benutzen Sie 0x1310."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
+#, fuzzy
+#| msgid ""
+#| "<emphasis>Note</emphasis>: This is new format of debug levels introduced "
+#| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
msgstr ""
"<emphasis>Hinweis</emphasis>: Dies ist das neue in 1.7.0. eingeführte Format "
"von Debug-Stufen. Das ältere Format (Versionen von 0-10) ist kompatibel aber "
"missbilligt."
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+#, fuzzy
+#| msgid "<emphasis>h</emphasis> for hours"
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr "<emphasis>h</emphasis> für Stunden"
+
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
msgid ""
@@ -10786,6 +11376,45 @@ msgstr "SIEHE AUCH"
# FIXME wrong order
#. type: Content of: <refsect1><para>
#: include/seealso.xml:4
+#, fuzzy
+#| msgid ""
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
+#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
+#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>."
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -10821,6 +11450,8 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
@@ -10863,7 +11494,6 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -10873,32 +11503,33 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr "search_base[?Gültigkeitsbereich?[Filter][?Suchbasis?Gültigkeitsbereich?[Filter]]*]\n"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "Syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
+#, fuzzy
+#| msgid ""
+#| "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
+#| "must be a valid LDAP search filter as specified by http://www.ietf.org/"
+#| "rfc/rfc2254.txt"
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
"Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein. "
"Der Filter muss ein gültiger LDAP-Suchfilter sein, wie durch http://www.ietf."
"org/rfc/rfc2254.txt spezifiziert."
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
@@ -10907,8 +11538,7 @@ msgstr ""
"»ldap_search_base«."
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -11000,8 +11630,296 @@ msgstr ""
"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP geholten Wert "
"benutzen.)"
-msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
-msgstr "Voreinstellung: FILE:%d/krb5cc_%U_XXXXXX"
+#~ msgid ""
+#~ "Override the login shell for all users. This option can be specified "
+#~ "globally in the [nss] section or per-domain."
+#~ msgstr ""
+#~ "setzt die Anmelde-Shell für alle Benutzer außer Kraft. Diese Option kann "
+#~ "global im Abschnitt [nss] oder pro Domain angegeben werden."
+
+#~ msgid "ldap_user_search_filter (string)"
+#~ msgstr "ldap_user_search_filter (Zeichenkette)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict user searches."
+#~ msgstr ""
+#~ "Diese Option gibt ein zusätzliches LDAP-Suchfilterkriterium an, das die "
+#~ "Benutzersuche einschränkt."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_user_search_base."
+#~ msgstr ""
+#~ "Diese Option ist zugunsten von der durch »ldap_user_search_base« "
+#~ "benutzten Syntax <emphasis>missbilligt</emphasis>."
+
+#~ msgid ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+#~ msgstr ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+
+#~ msgid ""
+#~ "This filter would restrict user searches to users that have their shell "
+#~ "set to /bin/tcsh."
+#~ msgstr ""
+#~ "Dieser Filter würde die Benutzersuche auf Benutzer beschränken, deren "
+#~ "Shell auf /bin/tcsh gesetzt ist."
+
+#~ msgid "ldap_group_search_filter (string)"
+#~ msgstr "ldap_group_search_filter (Zeichenkette)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict group searches."
+#~ msgstr ""
+#~ "Diese Option gibt ein zusätzliches LDAP-Suchfilterkriterium an, das "
+#~ "Gruppensuchen einschränkt."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_group_search_base."
+#~ msgstr ""
+#~ "Diese Option ist <emphasis>missbilligt</emphasis> zugunsten von der durch "
+#~ "»ldap_group_search_base« benutzten Syntax."
+
+#~ msgid ""
+#~ "If filter is given in any of search bases and "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
+#~ "will be ignored."
+#~ msgstr ""
+#~ "Falls in irgendeiner der Suchgrundlagen ein Filter angegeben wurde und "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> auf »False« gesetzt ist, "
+#~ "wird der Filter ignoriert."
+
+#~ msgid "ipa_hbac_support_srchost (boolean)"
+#~ msgstr "ipa_hbac_support_srchost (Boolesch)"
+
+#~ msgid ""
+#~ "If this is set to false, then srchost as given to SSSD by PAM will be "
+#~ "ignored."
+#~ msgstr ""
+#~ "Falls dies auf »false« gesetzt ist, wird »srchost«, das durch PAM an SSSD "
+#~ "übergeben wurde, ignoriert."
+
+#~ msgid ""
+#~ "Note that if set to <emphasis>False</emphasis>, this option casuses "
+#~ "filters given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
+#~ msgstr ""
+#~ "Beachten Sie, dass diese Option, falls sie auf <emphasis>False</emphasis> "
+#~ "gesetzt ist, veranlasst, dass in <emphasis>ipa_host_search_base</"
+#~ "emphasis> angegebene Filter ignoriert werden."
+
+#~ msgid "ipa_netgroup_member_of (string)"
+#~ msgstr "ipa_netgroup_member_of (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that lists netgroup's memberships."
+#~ msgstr "das LDAP-Attribut, das die Netzgruppenmitgliedschaften aufführt"
+
+#~ msgid "ipa_netgroup_member_user (string)"
+#~ msgstr "ipa_netgroup_member_user (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists system users and groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das die Systembenutzer und Gruppen aufführt, die "
+#~ "direkte Mitglieder der Netzgruppe sind"
+
+#~ msgid "Default: memberUser"
+#~ msgstr "Voreinstellung: memberUser"
+
+#~ msgid "ipa_netgroup_member_host (string)"
+#~ msgstr "ipa_netgroup_member_host (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists hosts and host groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das Rechner und Rechnergruppen aufführt, die direkte "
+#~ "Mitglieder der Netzgruppe sind"
+
+#~ msgid "Default: memberHost"
+#~ msgstr "Voreinstellung: memberHost"
+
+#~ msgid "ipa_netgroup_member_ext_host (string)"
+#~ msgstr "ipa_netgroup_member_ext_host (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das FQDNs von Rechnern und Rechnergruppen aufführt, "
+#~ "die direkte Mitglieder der Netzgruppe sind"
+
+#~ msgid "Default: externalHost"
+#~ msgstr "Voreinstellung: externalHost"
+
+#~ msgid "ipa_netgroup_domain (string)"
+#~ msgstr "ipa_netgroup_domain (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+#~ msgstr "das LDAP-Attribut, das den NIS-Domain-Namen der Netzgruppe enthält"
+
+#~ msgid "Default: nisDomainName"
+#~ msgstr "Voreinstellung: nisDomainName"
+
+#~ msgid "ipa_host_object_class (string)"
+#~ msgstr "ipa_host_object_class (Zeichenkette)"
+
+#~ msgid "The object class of a host entry in LDAP."
+#~ msgstr "die Objektklasse eines Rechnereintrags in LDAP"
+
+#~ msgid "Default: ipaHost"
+#~ msgstr "Voreinstellung: ipaHost"
+
+#~ msgid "ipa_host_fqdn (string)"
+#~ msgstr "ipa_host_fqdn (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains FQDN of the host."
+#~ msgstr "das LDAP-Attribut, das den FQDN des Rechners enthält"
+
+#~ msgid "Default: fqdn"
+#~ msgstr "Voreinstellung: fqdn"
+
+#~ msgid "ipa_selinux_usermap_object_class (string)"
+#~ msgstr "ipa_selinux_usermap_object_class (Zeichenkette)"
+
+#~ msgid "ipa_selinux_usermap_name (string)"
+#~ msgstr "ipa_selinux_usermap_name (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains the name of SELinux usermap."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das den Namen der SELinux-Benutzerabbildung enthält"
+
+#~ msgid "ipa_selinux_usermap_member_user (string)"
+#~ msgstr "ipa_selinux_usermap_member_user (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all users / groups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das alle Benutzer/Gruppen enthält, auf die diese Regel "
+#~ "passt"
+
+#~ msgid "ipa_selinux_usermap_member_host (string)"
+#~ msgstr "ipa_selinux_usermap_member_host (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das alle Rechner/Rechnergruppen enthält, auf die diese "
+#~ "Regel passt"
+
+#~ msgid "ipa_selinux_usermap_see_also (string)"
+#~ msgstr "ipa_selinux_usermap_see_also (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+#~ "matching instead of memberUser and memberHost"
+#~ msgstr ""
+#~ "das LDAP-Attribut, das DNs von HBAC-Regeln enthält, die anstelle von "
+#~ "»memberUser« und »memberHost« zum Abgleich benutzt werden können"
+
+#~ msgid "Default: seeAlso"
+#~ msgstr "Voreinstellung: seeAlso"
+
+#~ msgid "ipa_selinux_usermap_selinux_user (string)"
+#~ msgstr "ipa_selinux_usermap_selinux_user (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains SELinux user string itself."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das die SELinux-Benutzerzeichenkette selbst enthält"
+
+#~ msgid "Default: ipaSELinuxUser"
+#~ msgstr "Voreinstellung: ipaSELinuxUser"
+
+#~ msgid "ipa_selinux_usermap_enabled (string)"
+#~ msgstr "ipa_selinux_usermap_enabled (Zeichenkette)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains whether or not is user map enabled for "
+#~ "usage."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das besagt, ob die Benutzerabbildung zur Verwendung "
+#~ "aktiviert ist oder nicht"
+
+#~ msgid "Default: ipaEnabledFlag"
+#~ msgstr "Voreinstellung: ipaEnabledFlag"
+
+#~ msgid "ipa_selinux_usermap_user_category (string)"
+#~ msgstr "ipa_selinux_usermap_user_category (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains user category such as 'all'."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das die Benutzerkategorie wie etwa »alle« enthält"
+
+#~ msgid "Default: userCategory"
+#~ msgstr "Voreinstellung: userCategory"
+
+#~ msgid "ipa_selinux_usermap_host_category (string)"
+#~ msgstr "ipa_selinux_usermap_host_category (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains host category such as 'all'."
+#~ msgstr "das LDAP-Attribut, das die Rechnerkategorie wie etwa »alle« enthält"
+
+#~ msgid "Default: hostCategory"
+#~ msgstr "Voreinstellung: hostCategory"
+
+#~ msgid "ipa_selinux_usermap_uuid (string)"
+#~ msgstr "ipa_selinux_usermap_uuid (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains unique ID of the user map."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das die eindeutige ID der Benutzerabbildung enthält"
+
+#~ msgid "Default: ipaUniqueID"
+#~ msgstr "Voreinstellung: ipaUniqueID"
+
+#~ msgid "ipa_host_ssh_public_key (string)"
+#~ msgstr "ipa_host_ssh_public_key (Zeichenkette)"
+
+#~ msgid "The LDAP attribute that contains the host's SSH public keys."
+#~ msgstr ""
+#~ "das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Rechners enthält"
+
+#~ msgid "Default: ipaSshPubKey"
+#~ msgstr "Voreinstellung: ipaSshPubKey"
+
+#~ msgid ""
+#~ "Directory to store credential caches. All the substitution sequences of "
+#~ "krb5_ccname_template can be used here, too, except %d and %P. If the "
+#~ "directory does not exist, it will be created. If %u, %U, %p or %h are "
+#~ "used, a private directory belonging to the user is created. Otherwise, a "
+#~ "public directory with restricted deletion flag (aka sticky bit, as "
+#~ "described in <citerefentry> <refentrytitle>chmod</refentrytitle> "
+#~ "<manvolnum>1</manvolnum> </citerefentry> for details) is created."
+#~ msgstr ""
+#~ "Verzeichnis, in dem Berechtigungszwischenspeicher abgelegt werden. Hier "
+#~ "können auch alle Ersetzungssequenzen von »krb5_ccname_template« benutzt "
+#~ "werden, außer %d und %P. Falls das Verzeichnis nicht existiert, wird es "
+#~ "erstellt. Falls %u, %U, %p oder %h benutzt werden, wird ein privates "
+#~ "Verzeichnis, das dem Benutzer gehört, erstellt. Andernfalls wird ein "
+#~ "öffentliches Verzeichnis mit einem Schalter für eingeschränktes Löschen "
+#~ "(auch bekannt als Sticky-Bit, detailliert beschrieben unter "
+#~ "<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</"
+#~ "manvolnum> </citerefentry>) erstellt."
+
+#~ msgid ""
+#~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+#~ "default value as well as the lowest allowed value, 0xFFF0 is the most "
+#~ "verbose mode. This setting overrides the settings from config file."
+#~ msgstr ""
+#~ "Bit-Maske, die anzeigt, welche Debug-Stufen sichtbar sein werden. 0x0010 "
+#~ "ist sowohl der Vorgabewert als auch der niedrigste erlaubte Wert, 0xFFF0 "
+#~ "ist der Modus mit der detailreichsten Ausgabe. Diese Einstellung setzt "
+#~ "die Einstellungen aus der Konfigurationsdatei außer Kraft."
+
+#~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
+#~ msgstr "Voreinstellung: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgid "SSSD Services to start"
#~ msgstr "SSSD-Dienste zum Starten"
@@ -11021,9 +11939,6 @@ msgstr "Voreinstellung: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgid "Kerberos server address"
#~ msgstr "Kerberos-Serveradresse"
-#~ msgid "Kerberos realm"
-#~ msgstr "Kerberos Realm"
-
#~ msgid "Username attribute"
#~ msgstr "Benutzername-Attribut"
@@ -11042,9 +11957,6 @@ msgstr "Voreinstellung: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgid "Full Name"
#~ msgstr "Vollständiger Name"
-#~ msgid "Login shell"
-#~ msgstr "Anmelde-Shell"
-
#~ msgid "Groups"
#~ msgstr "Gruppen"
diff --git a/src/man/po/es.po b/src/man/po/es.po
index d6ae8f9f1..37ebaf67f 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Spanish <trans-es@lists.fedoraproject.org>\n"
@@ -32,7 +32,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Páginas de manual de SSSD"
@@ -68,13 +68,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "DESCRIPCION"
@@ -89,7 +89,7 @@ msgstr ""
"indicados en la línea de comandos."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -143,18 +143,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Formatos de archivo y convenciones"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "El archivo de configuración de SSSD"
@@ -231,26 +232,115 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "OPCIONES AVANZADAS"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "Agregar una marca de tiempo a los mensajes de depuración"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Predeterminado: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr "Agregar microsegundos a la marca de tiempo en mensajes de depuración"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Predeterminado: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+"Tiempo de espera en segundos entre latidos para este servicio. Esto se usa "
+"para asegurar que el proceso está vivo y capaz de responder peticiones."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Predeterminado: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "SECCIONES ESPECIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Parámetros de sección"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -259,12 +349,12 @@ msgstr ""
"posteriores utilizan una versión 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "servicios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -272,12 +362,18 @@ msgstr ""
"enciende sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
+#, fuzzy
+#| msgid ""
+#| "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+#| "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+#| "condition=\"with_ssh\">, ssh</phrase> <phrase condition="
+#| "\"with_pac_responder\">, pac</phrase>"
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
"Servicios soportados: nss, pam <phrase condition=\"with_sudo\">, sudo</"
"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
@@ -285,12 +381,12 @@ msgstr ""
"\">, pac</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -299,17 +395,17 @@ msgstr ""
"de datos del proveedor, o de reiniciarse antes de abandonar"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "dominios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -319,12 +415,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -333,7 +429,7 @@ msgstr ""
"contiene el nombre de usuario y el dominio en estos componentes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -344,12 +440,12 @@ msgstr ""
"DOMAIN SECTIONS para más información sobre estas expresiones regulares."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -357,46 +453,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -405,12 +501,12 @@ msgstr ""
"SECCIONES DOMINIO para más información sobre esta opción."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -423,7 +519,7 @@ msgstr ""
"segundos en caso que inotify no pueda ser utilizado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -434,7 +530,7 @@ msgstr ""
"'false' "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -443,7 +539,7 @@ msgstr ""
"en el resto de las plataformas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -453,12 +549,12 @@ msgstr ""
"utilizada siempre."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -467,7 +563,7 @@ msgstr ""
"reproducción de cache de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -477,7 +573,7 @@ msgstr ""
"de respuesta."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -486,12 +582,12 @@ msgstr ""
"tiempo. (si no se configura __LIBKRB5_DEFAULTS__)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -507,7 +603,7 @@ msgstr ""
"usuario sin dar también un nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
@@ -517,15 +613,14 @@ msgstr ""
"user@domain.name, para acceder."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Predeterminado: no definido"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -542,12 +637,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -560,84 +655,22 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "Opciones de configuración de servicios generales"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (entero)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (bool)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "Agregar una marca de tiempo a los mensajes de depuración"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Predeterminado: true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr "debug_microseconds (bool)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr "Agregar microsegundos a la marca de tiempo en mensajes de depuración"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Predeterminado: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (entero)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-"Tiempo de espera en segundos entre latidos para este servicio. Esto se usa "
-"para asegurar que el proceso está vivo y capaz de responder peticiones."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Predeterminado: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -652,17 +685,17 @@ msgstr ""
"valor más bajo de este o de limite “hard” en limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -674,18 +707,19 @@ msgstr ""
"sistema."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Predeterminado: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr "force_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -699,13 +733,28 @@ msgstr ""
"<quote>force_timeout</quote> segundos, el monitor le forzara a caer enviando "
"una señal SIGKILL."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "force_timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "force_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "Opciones de configuración de NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -713,12 +762,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -727,17 +776,17 @@ msgstr ""
"sobre todos los usuarios)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Predeterminado: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -748,7 +797,7 @@ msgstr ""
"valor de entry_cache_timeout para el dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -764,7 +813,7 @@ msgstr ""
"actualización del cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -777,17 +826,17 @@ msgstr ""
"segundos. (0 deshabilita esta función)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "Predeterminado: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -798,17 +847,17 @@ msgstr ""
"entradas no existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Predeterminado: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -821,17 +870,17 @@ msgstr ""
"filtrar sólo usuario de un dominio concreto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Predeterminado: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -839,12 +888,12 @@ msgstr ""
"opción a false."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -853,7 +902,7 @@ msgstr ""
"especificado una explícitamente por el proveedor de datos del dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -861,52 +910,62 @@ msgstr ""
"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
-#, no-wrap
+#: sssd.conf.5.xml:531
+#, fuzzy, no-wrap
+#| msgid ""
+#| "override_homedir = /home/%u\n"
+#| " "
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
"override_homedir = /home/%u\n"
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr "override_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
-"Anula la shell de acceso de todos los usuarios. Esta opción puede ser "
-"especificada globalmente en la sección [nss] o por dominio."
+"La shell por defecto a usar si el proveedor no devuelve una durante la "
+"búsqueda. Esta opción reemplaza cualquier otra opción de shell si toman "
+"efecto y puede fijada en la sección [nss] o por dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -914,12 +973,12 @@ msgstr ""
"evaluación es:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -928,7 +987,7 @@ msgstr ""
"shells</quote>, usa el valor del parámetro shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -937,12 +996,12 @@ msgstr ""
"shells</quote>, se usará un shell de no acceso."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr "Una cadena vacía para el shell se pasa como-es a libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -952,27 +1011,27 @@ msgstr ""
"una nueva shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -980,28 +1039,32 @@ msgstr ""
"máquina."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "Predeterminado: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
"La shell por defecto a usar si el proveedor no devuelve una durante la "
"búsqueda. Esta opción reemplaza cualquier otra opción de shell si toman "
"efecto y puede fijada en la sección [nss] o por dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1011,12 +1074,12 @@ msgstr ""
"normalmente /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1025,12 +1088,12 @@ msgstr ""
"considerada válida."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
@@ -1039,17 +1102,17 @@ msgstr ""
"escondrijo en memoria serán válidos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Predeterminado: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr "Opciones de configuración PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1058,12 +1121,12 @@ msgstr ""
"Authentication Module (PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1072,17 +1135,17 @@ msgstr ""
"los accesos escondidos (en días desde el último login en línea con éxito)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1091,12 +1154,12 @@ msgstr ""
"login fallados están permitidos."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1106,7 +1169,7 @@ msgstr ""
"intento de login sea posible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1117,17 +1180,17 @@ msgstr ""
"éxito puede habilitar otra vez la autenticación fuera de línea."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Predeterminado: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1136,44 +1199,44 @@ msgstr ""
"autenticación. Cuanto mayor sea el número de mensajes más aparecen."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "Actualmente sssd soporta los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
"depuración"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Predeterminado: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1185,7 +1248,7 @@ msgstr ""
"información más actual."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1199,17 +1262,17 @@ msgstr ""
"proveedor de identidad."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1220,7 +1283,7 @@ msgstr ""
"información desaparece, sssd no podrá mostrar un aviso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1230,7 +1293,7 @@ msgstr ""
"automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1239,27 +1302,27 @@ msgstr ""
"<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Predeterminado: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr "SUDO opciones de configuración"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr "Estas opciones pueden ser usadas para configurar el servicio sudo."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1268,22 +1331,22 @@ msgstr ""
"entradas de sudoers dependientes del tiempo."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr "Opciones de configuración AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1294,22 +1357,22 @@ msgstr ""
"existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr "Opciones de configuración SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1318,12 +1381,12 @@ msgstr ""
"known_host. "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1332,17 +1395,17 @@ msgstr ""
"después de que se hayan pedido sus claves de host."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr "Por defecto: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr "Opciones de configuración del respondedor PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1361,7 +1424,7 @@ msgstr ""
"siguientes operaciones:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1372,24 +1435,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1399,14 +1462,14 @@ msgstr ""
"usuario que tiene el acceso permitido al respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
"respondedor PAC)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1419,17 +1482,17 @@ msgstr ""
"lista de UIDs permitidas también."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "SECCIONES DE DOMINIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1438,7 +1501,7 @@ msgstr ""
"está fuera de estos límites, ésta es ignorada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1451,24 +1514,24 @@ msgstr ""
"reportados como en espera."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerar (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1477,23 +1540,23 @@ msgstr ""
"de los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Usuarios y grupos son enumerados"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Sin enumeraciones para este dominio"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Predeterminado: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1513,7 +1576,7 @@ msgstr ""
"las afiliaciones deben ser recalculadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1523,7 +1586,7 @@ msgstr ""
"completen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1537,7 +1600,7 @@ msgstr ""
"específico id_provider en uso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1546,34 +1609,34 @@ msgstr ""
"especialmente en entornos grandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "subdomain_homedir (string)"
msgid "subdomain_enumerate (string)"
msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1582,17 +1645,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "Predeterminado: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1601,17 +1664,28 @@ msgstr ""
"volver a consultar al backend"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Predeterminado: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1620,18 +1694,18 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr "Por defecto: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1640,12 +1714,12 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1654,12 +1728,12 @@ msgstr ""
"válidas antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1668,12 +1742,12 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -1682,12 +1756,12 @@ msgstr ""
"preguntar al backend otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -1696,53 +1770,53 @@ msgstr ""
"automontaje válidos antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Determina si las credenciales del usuario están también escondidas en el "
"cache LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
"plano"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1755,17 +1829,17 @@ msgstr ""
"grande o igual que offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Predeterminado: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1778,17 +1852,17 @@ msgstr ""
"configurar un proveedor de autorización para el backend."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -1796,17 +1870,17 @@ msgstr ""
"soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1817,8 +1891,8 @@ msgstr ""
"información sobre la configuración de LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1831,8 +1905,8 @@ msgstr ""
"configuración de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1844,12 +1918,12 @@ msgstr ""
"Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -1859,7 +1933,7 @@ msgstr ""
"NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1873,7 +1947,7 @@ msgstr ""
"command> lo haría."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1881,17 +1955,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr "No devuelve miembros de grupo para búsquedas de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1902,12 +1976,12 @@ msgstr ""
"llamadas de búsqueda de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1916,7 +1990,7 @@ msgstr ""
"autenticación soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1927,7 +2001,7 @@ msgstr ""
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1938,7 +2012,7 @@ msgstr ""
"citerefentry> para más información sobre la configuración de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -1946,12 +2020,12 @@ msgstr ""
"objetivo PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1960,12 +2034,12 @@ msgstr ""
"manejar las peticiones de autenticación."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1976,7 +2050,7 @@ msgstr ""
"proveedores especiales internos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -1985,12 +2059,12 @@ msgstr ""
"sólo permitido para un dominio local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> siempre niega el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2003,17 +2077,17 @@ msgstr ""
"configuración del módulo de acceso sencillo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "Predeterminado: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2022,7 +2096,7 @@ msgstr ""
"el dominio. Los proveedores de cambio de passweord soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2034,7 +2108,7 @@ msgstr ""
"configurar LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2045,7 +2119,7 @@ msgstr ""
"citerefentry> para más información sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2053,13 +2127,13 @@ msgstr ""
"otros objetivos PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2068,18 +2142,18 @@ msgstr ""
"puede manejar las peticiones de cambio de password."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2090,24 +2164,38 @@ msgstr ""
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2118,7 +2206,7 @@ msgstr ""
"finalice. Los proveedores selinux soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2130,14 +2218,14 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
"explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2146,12 +2234,12 @@ msgstr ""
"manejar las peticiones de carga selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2161,7 +2249,7 @@ msgstr ""
"soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2173,18 +2261,18 @@ msgstr ""
"configuración de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
"<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2192,7 +2280,7 @@ msgstr ""
"son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2204,7 +2292,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2216,17 +2304,17 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> deshabilita autofs explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr "hostid_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2235,7 +2323,7 @@ msgstr ""
"proveedores de hostid soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2247,12 +2335,12 @@ msgstr ""
"configuración de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> deshabilita hostid explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2262,7 +2350,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2275,22 +2363,22 @@ msgstr ""
"nombres de usuario:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr "nombre de usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr "dominio/nombre_de_usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2300,7 +2388,7 @@ msgstr ""
"dominios Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2311,7 +2399,7 @@ msgstr ""
"el nombre, el dominio es el resto detrás de este signo\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2323,7 +2411,7 @@ msgstr ""
"subplantillas sin nombre único."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2332,17 +2420,17 @@ msgstr ""
"soportan la sintaxis Python (?P&lt;name&gt;) para identificar subpatrones."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2351,42 +2439,42 @@ msgstr ""
"a usar cuando se lleven a cabo búsquedas DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "Valores soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "Predeterminado: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2397,18 +2485,18 @@ msgstr ""
"espera, el dominio continuará operativo en modo fuera de línea."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Predeterminado: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2417,28 +2505,28 @@ msgstr ""
"de dominio de la pregunta al descubridor de servicio DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr "override_gid (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr "Anula el valor primario GID con el especificado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -2447,17 +2535,17 @@ msgstr ""
"momento, esta opción no está soportada en el proveedor local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr "Predeterminado: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr "proxy_fast_alias (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2471,32 +2559,32 @@ msgstr ""
"razones de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -2504,23 +2592,23 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Por defecto: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2532,17 +2620,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr "El proxy de destino PAM próximo a."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2551,12 +2639,12 @@ msgstr ""
"pam existente o crear una nueva y añadir el nombre de servicio aquí."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2567,7 +2655,7 @@ msgstr ""
"$(function), por ejemplo _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2576,12 +2664,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "La sección de dominio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2592,29 +2680,29 @@ msgstr ""
"utiliza <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"El shell predeterminado para los usuarios creados con herramientas de "
"espacio de usuario SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Predeterminado: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2624,17 +2712,17 @@ msgstr ""
"de inicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "Predeterminado: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2643,17 +2731,17 @@ msgstr ""
"Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Predeterminado: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2662,12 +2750,12 @@ msgstr ""
"borrados. Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2678,17 +2766,17 @@ msgstr ""
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Predeterminado: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2701,17 +2789,17 @@ msgstr ""
"<manvolnum>8</manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Predeterminado: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2722,17 +2810,17 @@ msgstr ""
"Si no se especifica, se utiliza un valor por defecto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Predeterminado: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2743,18 +2831,18 @@ msgstr ""
"único parámetro. El código de retorno del comando no es tenido en cuenta."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "EJEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2808,7 +2896,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2825,6 +2913,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2865,8 +2958,8 @@ msgstr ""
"información sobre la utilización de LDAP como proveedor de acceso."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONES DE CONFIGURACIÓN"
@@ -2975,8 +3068,8 @@ msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr "El alcance puede ser uno de “base”, “onlevel” o “subtree”."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
@@ -2985,7 +3078,7 @@ msgstr ""
"http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "Ejemplos:"
@@ -3214,7 +3307,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr "Predeterminado: gidNumber"
@@ -3278,7 +3371,7 @@ msgstr ""
"El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "Predeterminado: nsUniqueId"
@@ -3297,7 +3390,7 @@ msgstr ""
"es normalmente sólo necesario para servidores ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
"Por defecto: objectSid para ActiveDirectory, no fijado para otros servidores."
@@ -3308,7 +3401,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3317,7 +3410,7 @@ msgstr ""
"objeto primario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "Predeterminado: modifyTimestamp"
@@ -3632,21 +3725,77 @@ msgstr "Predeterminado: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3659,12 +3808,12 @@ msgstr ""
"usar mayúsculas reales."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -3673,12 +3822,12 @@ msgstr ""
"escondrijo de los registros enumerados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3689,56 +3838,55 @@ msgstr ""
"para guardar espacio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Establecer esta opción en cero desactivará la operación de limpieza de la "
"caché."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Predeterminado: 10800 (12 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "Predeterminado: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "El atributo LDAP que lista los afiliación a grupo de usario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr "Predeterminado: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3749,7 +3897,7 @@ msgstr ""
"usuario para determinar el privilegio de acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3758,7 +3906,7 @@ msgstr ""
"permiso explícito (svc) y finalmente permitir todo (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3766,17 +3914,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr "Predeterminado: iluminada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3787,7 +3935,7 @@ msgstr ""
"el privilegio de acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3796,7 +3944,7 @@ msgstr ""
"SSSD para permiso explícito (host) y finalmente permitir todo (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3804,77 +3952,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr "Default: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr "La clase de objeto de una entrada de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "Por defecto: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr "El atributo LDAP que corresponde al nombre de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "El atributo LDAP que corresponde al id del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr "ldap_group_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
@@ -3883,17 +4031,46 @@ msgstr ""
"normalmente sólo necesario para servidores ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+#, fuzzy
+#| msgid "The LDAP attribute that contains the names of the group's members."
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3905,17 +4082,17 @@ msgstr ""
"esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "Predeterminado: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3926,7 +4103,7 @@ msgstr ""
"despliegues con grupos complejos o profundamente anidados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -3936,7 +4113,7 @@ msgstr ""
"muy complejos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3947,7 +4124,7 @@ msgstr ""
"esencialmente “auto-detect”."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3960,18 +4137,18 @@ msgstr ""
"documentation</ulink> para más detalles."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr "Por defecto: False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3982,68 +4159,68 @@ msgstr ""
"notable cuando se trata con grupos complejos o profundamente anidados)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr "La clase de objeto de una entrada netgroup en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr "Predeterminado: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "El atributo LDAP que corresponde al nombre del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"El atributo LDAP que contiene los nombres de los miembros de grupo de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr "Predeterminado: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4051,59 +4228,59 @@ msgstr ""
"de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr "Esta opción no está disponible en el proveedor IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "Predeterminado: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"El atributo LDAP que contiene el UUID/GUID de un objeto de grupo de red LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "Un proveedor IPA ipa_netgroup_uuid sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr "La clase objeto de una entrada de servicio en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr "Por defecto: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4111,49 +4288,49 @@ msgstr ""
"El atributo LDAP que contiene el nombre de servicio de atributos y sus alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr "Por defecto: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
"El atributo LDAP que contiene los protocolos entendidos por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr "Por defecto: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4164,7 +4341,7 @@ msgstr ""
"escondidos devueltos (y se entra en modo fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4175,12 +4352,12 @@ msgstr ""
"espera para tipos específicos de búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4192,12 +4369,12 @@ msgstr ""
"fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4214,12 +4391,12 @@ msgstr ""
"citerefentry> vuelve en caso de no actividad."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4231,12 +4408,12 @@ msgstr ""
"enlazador SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4249,17 +4426,17 @@ msgstr ""
"temprano (este valor contra el tiempo de vida TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4268,17 +4445,17 @@ msgstr ""
"Algunos servidores LDAP hacen cumplir un límite máximo por petición."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr "Predeterminado: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4289,7 +4466,7 @@ msgstr ""
"RootDSE pero no está habilitado o no se comporta apropiadamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4299,7 +4476,7 @@ msgstr ""
"pero es incapaz de usarlo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4310,17 +4487,17 @@ msgstr ""
"puede ocasionar que algunas peticiones sean denegadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4330,12 +4507,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4346,19 +4523,19 @@ msgstr ""
"de esta opción son definidos por OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
"conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4369,7 +4546,7 @@ msgstr ""
"deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -4377,7 +4554,7 @@ msgstr ""
"a 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4390,7 +4567,7 @@ msgstr ""
"soportados son 389/RHDS, OpenLDAP y Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4401,12 +4578,12 @@ msgstr ""
"será deshabilitado sin tener en cuenta este ajuste."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4416,7 +4593,7 @@ msgstr ""
"los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4425,7 +4602,7 @@ msgstr ""
"certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4436,7 +4613,7 @@ msgstr ""
"certificado malo, será ignorado y la sesión continua normalmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4447,7 +4624,7 @@ msgstr ""
"certificado malo, la sesión se termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4458,22 +4635,22 @@ msgstr ""
"termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "Predeterminado: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4482,7 +4659,7 @@ msgstr ""
"de Certificación que <command>sssd</command> reconocerá."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4491,12 +4668,12 @@ msgstr ""
"etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4510,33 +4687,33 @@ msgstr ""
"para crear los nombres correctos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
"Especifica el fichero que contiene el certificado para la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr "Especifica el archivo que contiene la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4547,12 +4724,12 @@ msgstr ""
"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4561,12 +4738,12 @@ msgstr ""
"<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4577,18 +4754,18 @@ msgstr ""
"ldap_user_uid_number y ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4599,17 +4776,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4618,12 +4795,12 @@ msgstr ""
"probado y soportado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4636,17 +4813,17 @@ msgstr ""
"myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr "Por defecto: host/nombre_de_host@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4657,17 +4834,17 @@ msgstr ""
"reino también, esta opción se ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr "Por defecto: el valor de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -4676,34 +4853,34 @@ msgstr ""
"para para canocalizar el nombre de host durante una unión SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "Predeterminado: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Especifica la keytab a usar cuando se utilice SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4714,27 +4891,27 @@ msgstr ""
"es GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4753,7 +4930,7 @@ msgstr ""
"información, vea la sección <quote>SERVICE DISCOVERY</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4764,7 +4941,7 @@ msgstr ""
"regresa a _tcp si no se encuentra nada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4776,29 +4953,29 @@ msgstr ""
"configuración para usar <quote>krb5_server</quote> en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Especifica el REALM Kerberos (para autorización SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -4807,12 +4984,12 @@ msgstr ""
"servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4822,7 +4999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4830,12 +5007,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -4844,7 +5021,7 @@ msgstr ""
"del cliente. Los siguientes valores son permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -4853,7 +5030,7 @@ msgstr ""
"no puede deshabilitar las políticas de password en el lado servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4864,7 +5041,7 @@ msgstr ""
"manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4875,20 +5052,27 @@ msgstr ""
"chpass_provider=krb5 para actualizar estos atributos cuando se cambia el "
"password."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Especifica si el seguimiento de referencias automático debería ser "
"habilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -4897,7 +5081,7 @@ msgstr ""
"está compilado con OpenLDAP versión 2.4.13 o más alta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4910,29 +5094,29 @@ msgstr ""
"esta opción a false le llevará a una notable mejora de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nombre del servicio para utilizar cuando está habilitado el "
"servicio de descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "Predeterminado: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -4942,17 +5126,17 @@ msgstr ""
"descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -4961,19 +5145,28 @@ msgstr ""
"desde el Epoch después de una operación de cambio de contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
+#, fuzzy
+#| msgid ""
+#| "If using access_provider = ldap and ldap_access_order = filter (default), "
+#| "this option is mandatory. It specifies an LDAP search filter criteria "
+#| "that must be met for the user to be granted access on this host. If "
+#| "access_provider = ldap, ldap_access_order = filter and this option is not "
+#| "set, it will result in all users being denied access. Use "
+#| "access_provider = permit to change this default behavior."
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
"Si se usa access_provider = ldap and ldap_access_order = filter (por "
"defecto), esta opción es obligatoria. Especifica un criterio de filtro de "
@@ -4984,16 +5177,20 @@ msgstr ""
"defecto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Ejemplo:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
-#, no-wrap
+#: sssd-ldap.5.xml:1833
+#, fuzzy, no-wrap
+#| msgid ""
+#| "access_provider = ldap\n"
+#| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+#| " "
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
"access_provider = ldap\n"
@@ -5001,16 +5198,20 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
+#, fuzzy
+#| msgid ""
+#| "This example means that access to this host is restricted to members of "
+#| "the \"allowedusers\" group in ldap."
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
"Este ejemplo significa que el acceso a este host está restringido a miembros "
"del grupo “allowedusers” en ldap."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5023,17 +5224,17 @@ msgstr ""
"obteniendo acceso mientras esté fuera de línea y viceversa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr "Predeterminado: vacío"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5042,7 +5243,7 @@ msgstr ""
"control de acceso del lado cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5053,12 +5254,12 @@ msgstr ""
"una código de error definible aunque el password sea correcto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "Los siguientes valores están permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5067,7 +5268,7 @@ msgstr ""
"determinar si la cuenta ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5080,7 +5281,7 @@ msgstr ""
"se comprueba el tiempo de expiración de la cuenta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5091,7 +5292,7 @@ msgstr ""
"el acceso o no."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5104,7 +5305,7 @@ msgstr ""
"permitido. Si ambos atributos están desaparecidos se concede el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5112,29 +5313,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Lista separada por coma de opciones de control de acceso. Los valores "
"permitidos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5143,18 +5344,18 @@ msgstr ""
"autorizedService para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5163,12 +5364,12 @@ msgstr ""
"una vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5177,13 +5378,13 @@ msgstr ""
"lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5193,7 +5394,7 @@ msgstr ""
"búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5202,7 +5403,7 @@ msgstr ""
"cuando se localice el objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5211,7 +5412,7 @@ msgstr ""
"para la búsqueda como en la localización del objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5220,12 +5421,12 @@ msgstr ""
"librerías cliente LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -5234,7 +5435,7 @@ msgstr ""
"servidores que usan el esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5252,7 +5453,7 @@ msgstr ""
"llamadas getpw*() o initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5278,57 +5479,57 @@ msgstr ""
"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr "OPCIONES SUDO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr "El objeto clase de una regla de entrada sudo en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr "Por defecto: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "El atributo LDAP que corresponde a la regla nombre de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr "El atributo LDAP que corresponde al nombre de comando."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr "Por defecto: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5337,17 +5538,17 @@ msgstr ""
"red IP del host o grupo de red del host)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr "Por defecto: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5356,32 +5557,32 @@ msgstr ""
"grupo o grupo de red del usuario)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr "Por defecto: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "El atributo LDAP que corresponde a las opciones sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr "Por defecto: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -5390,17 +5591,17 @@ msgstr ""
"pueden ejecutar como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr "Por defectot: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5409,17 +5610,17 @@ msgstr ""
"ejecutar comandos como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr "Por defecto: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -5428,17 +5629,17 @@ msgstr ""
"regla sudo es válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr "Por defecto: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -5447,32 +5648,32 @@ msgstr ""
"la regla sudo dejará de ser válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr "Por defecto: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr "Por defecto: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -5482,7 +5683,7 @@ msgstr ""
"servidor)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5491,17 +5692,17 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr "Por defecto: 21600 (6 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5512,7 +5713,7 @@ msgstr ""
"USBN más alto que el USN más alto de las reglas escondidas)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -5521,12 +5722,12 @@ msgstr ""
"atributo modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -5535,12 +5736,12 @@ msgstr ""
"máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5549,7 +5750,7 @@ msgstr ""
"totalmente cualificados que sería usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -5558,8 +5759,8 @@ msgstr ""
"nombre de dominio totalmente cualificado automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5568,17 +5769,17 @@ msgstr ""
"emphasis> esta opción no tiene efecto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr "Por defecto: no especificado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5587,7 +5788,7 @@ msgstr ""
"usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5596,12 +5797,12 @@ msgstr ""
"automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "sudo_include_netgroups (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -5610,12 +5811,12 @@ msgstr ""
"atributo sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -5624,12 +5825,7 @@ msgstr ""
"atributo sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5642,12 +5838,12 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr "OPCIONES AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
@@ -5656,47 +5852,68 @@ msgstr ""
"defecto del RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_autofs_map_name (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_autofs_map_name (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+#, fuzzy
+#| msgid "The name of an automount map entry in LDAP."
+msgid "The name of the automount master map in LDAP."
+msgstr "El nombre de una entrada de mapa de automontaje en LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: sudoUser"
+msgid "Default: auto.master"
+msgstr "Por defecto: sudoUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr "Por defecto: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr "El nombre de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr "Por defecto: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -5705,22 +5922,28 @@ msgstr ""
"normalmente a un punto de montaje."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr "Por defecto: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
+#, fuzzy
+#| msgid ""
+#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+#| "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+#| "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+#| "\"variablelist\" id=\"4\"/>"
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5728,102 +5951,37 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "OPCIONES AVANZADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr "ldap_user_search_filter (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-"Esta opción especifica un criterio de filtro de búsqueda LDAP adicional que "
-"restringe las búsquedas del usuario."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-"Esta opción está <emphasis>obsoleta</emphasis> en favor de la sintaxis "
-"utilizada por ldap_user_search_base."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-"Este filtro restringiría las búsquedas del usuario a los usuario que tengan "
-"su shell fijado en /bin/tcsh."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr "ldap_group_search_filter (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-"Esta opción especifica un criterio de filtro de búsqueda LDAP adicional que "
-"restringe las búsquedas de grupo."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-"Esta opción está <emphasis>obsoleta</emphasis> en favor de la sintaxis "
-"utilizada por ldap_user_search_base."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5835,7 +5993,7 @@ msgstr ""
">"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5846,7 +6004,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -5866,20 +6024,20 @@ msgstr ""
" cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5912,13 +6070,21 @@ msgstr "Módulo PAM para SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -5928,7 +6094,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5939,22 +6105,22 @@ msgstr ""
"través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr "Suprime el registro de mensajes de usuarios desconocidos."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -5963,12 +6129,12 @@ msgstr ""
"en la pila para que lo usen otros módulos PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5979,12 +6145,12 @@ msgstr ""
"disponible o el password no es apropiado, se denegará el acceso al usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -5993,12 +6159,12 @@ msgstr ""
"suministrado por un módulo de password previamente apilado."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6007,7 +6173,7 @@ msgstr ""
"autenticación falla. Por defecto es 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6017,13 +6183,27 @@ msgstr ""
"PAM a manejar el diálogo de usuario por el mismo. Un ejecplo típico es "
"<command>sshd</command> con <option>PasswordAuthentication</option>."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "TIPOS DE MÓDULOS SUMINISTRADOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6032,12 +6212,12 @@ msgstr ""
"<option>password</option> y <option>session</option>) son suministrados."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "ARCHIVOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6049,7 +6229,7 @@ msgstr ""
"sobre como resetear un password."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6069,7 +6249,7 @@ msgstr ""
"lectura."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6084,8 +6264,28 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
+#, fuzzy
+#| msgid ""
+#| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> "
+#| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the "
+#| "Kerberos libraries what Realm and which KDC to use. Typically this is "
+#| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+#| "Kerberos libraries. To simplify the configuration the Realm and the KDC "
+#| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+#| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>"
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
@@ -6096,7 +6296,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
"El plugin localizador Kerberos <command>sssd_krb5_locator_plugin</command> "
@@ -6273,7 +6473,7 @@ msgstr ""
"grupos locales no serán evaluados."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6334,6 +6534,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -6458,7 +6663,7 @@ msgstr ""
"host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6473,7 +6678,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6491,12 +6696,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6517,12 +6722,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Por defecto: 1200 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -6547,7 +6752,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6564,12 +6769,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6577,12 +6782,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6601,19 +6806,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -6645,7 +6850,7 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -6653,75 +6858,63 @@ msgstr ""
"Vea <quote>ldap_search_base</quote> para información sobre la configuración "
"de múltiples bases de búsqueda."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-"Si se dan filtros en alguna base de búsqueda y "
-"<emphasis>ipa_hbac_support_srchost</emphasis> está fijado a False, el filtro "
-"será ingnorado."
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (cadena)Opcional. "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario "
"SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de "
"dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6729,7 +6922,7 @@ msgstr ""
"Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido burlado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6738,7 +6931,7 @@ msgstr ""
"tradicional de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -6747,7 +6940,7 @@ msgstr ""
"de <quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -6756,7 +6949,7 @@ msgstr ""
"convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6767,12 +6960,64 @@ msgstr ""
"está disponible con MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr "krb5_use_fast (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+"Habilita la autenticación segura flexible de los túneles (FSAT) para la pre-"
+"autenticación Kerberos. Se soportan las siguientes opciones:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:405
+#, fuzzy
+#| msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Predeterminado: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:405
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6783,17 +7028,17 @@ msgstr ""
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6804,12 +7049,12 @@ msgstr ""
"hay muchas peticiones de acceso de usuario hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6823,7 +7068,7 @@ msgstr ""
"período de transición:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -6832,7 +7077,7 @@ msgstr ""
"les denegará el acceso a todos los usuarios."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -6841,341 +7086,51 @@ msgstr ""
"cuidadoso con este opción, puesto que pueden abrirse accesos no pretendidos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr "Predeterminado: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr "ipa_hbac_support_srchost (boolean)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr "Si se fija a false, el host fuente dado a SSSD por PAM será ignorado."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-"Advierta que si la fija a <emphasis>False</emphasis>, esta opción causa que "
-"los filtros dados en <emphasis>ipa_host_search_base</emphasis> sean "
-"ignorados;"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
#, fuzzy
#| msgid "These options can be used to configure the PAC responder."
msgid "This option should only be set by the IPA installer."
msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr "La localización del automontador de este cliente IPA que será usada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr "Por defecto: La localización llamada “default”"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr "ipa_netgroup_member_of (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr "El atributo LDAP que lista los afiliados del grupo de red."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr "ipa_netgroup_member_user (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-"El atributo LDAP que lista los usuarios del sistema y grupos que son "
-"miembros directos del grupo de red."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr "Predeterminado: memberUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr "ipa_netgroup_member_host (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-"El atributo LDAP que lista los host y grupos de host que son miembros "
-"directos del grupo de red."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr "Predeterminado: memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr "ipa_netgroup_member_ext_host (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-"El atributo LDAP que lista los FQDNs de host y grupos de host que son "
-"miembros del grupo de red."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr "Predeterminado: externalHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr "ipa_netgroup_domain (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-"El atributo LDAP que contiene el nombre de dominio NIS del grupo de red."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr "Predeterminado: nisDomainName"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr "ipa_host_object_class (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr "El objeto clase de una entrada host en LDAP."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr "Predeterminado: ipaHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr "ipa_host_fqdn (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr "El atributo LDAP que contiene el FQDN del host."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr "Por defecto: fqdn"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ipa_selinux_usermap_object_class (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr "ipa_selinux_usermap_name (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "El atributo LDAP que contiene el nombre del mapa de usuario SELinux."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_selinux_usermap_member_user (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-"El atributo LDAP que contiene todos los usuarios / grupos contra los que "
-"esta regla coincide."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_selinux_usermap_member_host (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-"El atributo LDAP que contiene todos los hosts /grupos de hosts contra los "
-"que esta regla coincide."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_selinux_usermap_see_also (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-"El atributo LDAP que contiene la regla DN de HBAC que puede ser usada en "
-"lugar de memberUser o memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr "Por defecto: seeAlso"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_selinux_usermap_selinux_user (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "El atributo LDAP que contiene la cadena de usuario SELinux mismo."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr "Por defecto: ipaSELinuxUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ipa_selinux_usermap_enabled (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-"El atributo LDAP que contiene si el mapa de usuario está o no habilitado "
-"para utilización."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr "Por defecto: ipaEnabledFlag"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ipa_selinux_usermap_user_category (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr "El atributo LDAP que contiene la categoría del usuario como ‘all’."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr "Por defecto: userCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_selinux_usermap_host_category (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "El atributo LDAP que contiene la categoría del host como ‘all’."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr "Por defecto: hostCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ipa_selinux_usermap_uuid (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "El atributo LDAP que contiene la ID única del mapa de usuario."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr "Por defecto: ipaUniqueID"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_host_ssh_public_key (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "El atributo LDAP que contiene las claves públicas SSH del host."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr "Por defecto: ipaSshPubKey"
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr "PROVEEDOR DE SUBDOMINIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7184,7 +7139,7 @@ msgstr ""
"si está configurado explícitamente o implícitamente."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7196,7 +7151,7 @@ msgstr ""
"de IPA si es necesario."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7208,7 +7163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7219,7 +7174,7 @@ msgstr ""
"Este ejemplo muestra sólo las opciones específicas del proveedor ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7237,6 +7192,11 @@ msgstr ""
msgid "sssd-ad"
msgstr "sssd-ad"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -7299,9 +7259,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:62
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access and chpass provider. No "
+#| "configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
"Sin embargo, no es necesario ni recomendable establecer estas opciones. El "
@@ -7326,18 +7291,27 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr "ad_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -7346,7 +7320,7 @@ msgstr ""
"se suministra, se usa la configuración del nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -7355,19 +7329,19 @@ msgstr ""
"minúscula de la versión larga del dominio Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -7377,12 +7351,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr "ad_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7393,7 +7367,7 @@ msgstr ""
"identificar este host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -7402,12 +7376,12 @@ msgstr ""
"Debe coincidir con el nombre del host desde que se envío la keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7417,8 +7391,173 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "ad_access_filter (string)"
+msgstr "ldap_access_filter (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: Not set"
+msgstr "Predeterminado: no definido"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ldap_disable_paging (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "ldap_disable_paging (booleano)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "ldap_access_order (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: ipService"
+msgid "Default: permissive"
+msgstr "Por defecto: ipService"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7429,29 +7568,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7462,7 +7601,7 @@ msgstr ""
"Este ejemplo muestra sólo las opciones específicas del proveedor AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7486,7 +7625,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7498,7 +7637,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7509,7 +7648,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -7592,13 +7731,34 @@ msgstr ""
"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr "Configurando SSSD para ir a buscar reglas sudo"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
@@ -7607,7 +7767,7 @@ msgstr ""
"desde un servidor LDAP."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -7633,20 +7793,20 @@ msgstr ""
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr "El mecanismo de almacenamiento en cache de regla SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -7664,7 +7824,7 @@ msgstr ""
"reglas."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -7678,7 +7838,7 @@ msgstr ""
"tráfico de red."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -7695,7 +7855,7 @@ msgstr ""
"ocasionalmente dependiendo del tamaño y de la estabilidad de las reglas sudo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -7713,7 +7873,7 @@ msgstr ""
"reglas (que apliquen a otros usuarios) pueden haber sido borradas."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -7724,39 +7884,39 @@ msgstr ""
"valores en el atributo <emphasis>sudoHost</emphasis>:"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr "keyword ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr "comodines"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr "netgroup (en la forma \"+netgroup\")"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
"nombre de host o nombre de dominio totalmente cualificado de esta máquina"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr "una de las direcciones IP de esta máquina"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
"una de las direcciones IP de la red (en la forma \"dirección/máscara\")"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -7981,6 +8141,19 @@ msgstr ""
"Le dice a SSD que se ponga en línea inmediatamente. Esto es mayormente útil "
"para propósitos de prueba."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+#| "debug messages will be sent to stderr."
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+"Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier "
+"valor los mensajes de depuración se enviarán a stderr."
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -8308,6 +8481,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr "sssd-krb5"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -8442,106 +8620,104 @@ msgstr "krb5_ccachedir (cadena)"
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "Predeterminado: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (string)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "nombre de acceso"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr "UID de acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr "nombre principal"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr "nombre de reino"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr "%h"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr "directorio home"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+#, fuzzy
+#| msgid "value of krb5ccache_dir"
+msgid "value of krb5_ccachedir"
msgstr "valor de krb5ccache_dir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr "%P"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr "un literal ‘%’"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -8554,7 +8730,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -8563,7 +8739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -8573,19 +8749,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -8593,7 +8769,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -8604,12 +8780,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
@@ -8618,24 +8794,24 @@ msgstr ""
"validadas desde KDCs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "Predeterminado: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -8643,80 +8819,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr "Por defecto: no fijado, esto es el TGT no es renovable"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
@@ -8724,12 +8900,12 @@ msgstr ""
"configurado en el KDC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -8737,83 +8913,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr "krb5_use_fast (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-"Habilita la autenticación segura flexible de los túneles (FSAT) para la pre-"
-"autenticación Kerberos. Se soportan las siguientes opciones:"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr "Por defecto: no fijado, esto es no se usa FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr "Especifica el servidor principal para usar por FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -8827,7 +8974,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -8836,7 +8983,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -9513,6 +9660,233 @@ msgstr ""
"sistemas sin valor PASS_MAX globalmente definido)."
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Este página de manual describe la configuración del proveedor IPA para "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Para una referencia de sintaxis detalladas, vea la sección "
+"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+"Especifica la lista separada por comas de los valores UID o nombres de "
+"usuario que tiene el acceso permitido al respondedor PAC."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
+"respondedor PAC)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "Please note that although the UID 0 is used as the default it will be "
+#| "overwritten with this option. If you still want to allow the root user to "
+#| "access the PAC responder, which would be the typical case, you have to "
+#| "add 0 to the list of allowed UIDs as well."
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+"Por favor advierta que aunque la UID 0 se usa por defecto será anulada con "
+"esta opción. Si usted deses todavía permitir al usuario root acceder al "
+"respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la "
+"lista de UIDs permitidas también."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_authorized_host (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+#, fuzzy
+#| msgid "username"
+msgid "name"
+msgstr "nombre de usuario"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "nombre de acceso"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "uidNumber"
+msgstr "Predeterminado: uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+#, fuzzy
+#| msgid "Default: gidNumber"
+msgid "gidNumber"
+msgstr "Predeterminado: gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "home directory"
+msgid "homeDirectory"
+msgstr "directorio home"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "Predeterminado: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+#, fuzzy
+#| msgid "The user's login shell."
+msgid "user shell"
+msgstr "Shell de inicio de sesión del usuario."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Todas las opciones de configuración comunes que se aplican a los dominios "
+"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
+"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
+"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+#, fuzzy
+#| msgid ""
+#| "Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+"Por defecto: no fijado, esto es el tiempo de vida de la entrada por defecto "
+"configurado en el KDC."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr "sss_ssh_authorizedkeys"
@@ -9752,7 +10126,7 @@ msgstr ""
"respaldo."
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "Configuración"
@@ -9957,13 +10331,55 @@ msgstr ""
"usted necesita usar los valore asignados manualmente, TODOS los valores "
"deben ser asignados manualmente."
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr "Algoritmo de asignación"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -9976,7 +10392,7 @@ msgstr ""
"del objeto usuario y grupo."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -9988,7 +10404,7 @@ msgstr ""
"Directory."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -10002,7 +10418,7 @@ msgstr ""
"siguiente algoritmo:"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -10013,7 +10429,7 @@ msgstr ""
"número total de rebanadas disponibles para recoger la rebanada."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -10035,14 +10451,14 @@ msgstr ""
"<quote>Configuración</quote> para detalles."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
"Configuración mínima (en la sección <quote>[domain/DOMAINNAME]</quote>):"
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -10050,7 +10466,7 @@ msgid ""
msgstr "ldap_id_mapping = True ldap_schema = ad \n"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -10062,17 +10478,17 @@ msgstr ""
"los despliegues."
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr "Configuración Avanzada"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr "ldap_idmap_range_min (entero)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10081,7 +10497,7 @@ msgstr ""
"asignación de SIDs de usuario y grupo de Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -10097,17 +10513,17 @@ msgstr ""
"quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr "Por defecto: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr "ldap_idmap_range_max (entero)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10116,7 +10532,7 @@ msgstr ""
"asignación de SIDs de usuario y grupo por Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -10132,17 +10548,17 @@ msgstr ""
"quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr "Por defecto: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr "ldap_idmap_range_size (entero)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
@@ -10152,13 +10568,37 @@ msgstr ""
"se divide de forma igual entre los valores mínimo y máximo, creará tantas "
"rebanadas completas como sea posible."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10169,22 +10609,22 @@ msgstr ""
"sobrepasando el algoritmo murmurhash descrito arriba."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr "Especifica el nombre del dominio por defecto."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (booleano)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -10194,7 +10634,7 @@ msgstr ""
"winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -10204,7 +10644,7 @@ msgstr ""
"adicional."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10218,6 +10658,77 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un "
"dominio está asignado consistentemente a la rebanada cero."
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -10236,108 +10747,152 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
-"Bit de máscara que indica que niveles de depuración serán visibles. 0x0010 "
-"es el valor por defecto así como el valor más bajo permitido, 0xFFF0 es el "
-"modo más verboso. Este ajuste anula los ajustes del fichero de configuración."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr "Niveles de depuración actualmente soportados:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+#| "SSSD from starting up or causes it to cease running."
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
"<emphasis>0x0010</emphasis>: Fallos fatales. Cualquier cosa que evitaría que "
"SSSD arrancara u origine el cese de la ejecución."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't "
+#| "kill the SSSD, but one that indicates that at least one major feature is "
+#| "not going to work properly."
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
"<emphasis>0x0020</emphasis>: Fallos críticos. Un error que no matará SSSD, "
"pero que indica que al menos una de las funciones principales no está "
"trabajando apropiadamente."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+#| "particular request or operation has failed."
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
"<emphasis>0x0040</emphasis>: Fallos serios. Un error anunciando que una "
"petición u operación concreta ha fallado."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that "
+#| "would percolate down to cause the operation failure of 2."
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
"<emphasis>0x0080</emphasis>: Fallos menores. Estos son errores que podrían "
"filtrarse hacia abajo para causar fallos en la operación de 2."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+#, fuzzy
+#| msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr "<emphasis>0x0100</emphasis>: Ajustes de configuración."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+#, fuzzy
+#| msgid "<emphasis>0x0200</emphasis>: Function data."
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr "<emphasis>0x0200</emphasis>: Datos de función."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+#, fuzzy
+#| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
"<emphasis>0x0400</emphasis>: Traza de mensajes para funciones de operación."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x1000</emphasis>: Trace messages for internal control "
+#| "functions."
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
"<emphasis>0x1000</emphasis>: Traza de mensajes para funciones de control "
"interno."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+#| "may be interesting."
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
"<emphasis>0x2000</emphasis>: Contenidos de variables de función interna que "
"pueden ser interesantes."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
"<emphasis>0x4000</emphasis>: Información de trazado de nivel extremadamente "
"bajo."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
+#, fuzzy
+#| msgid ""
+#| "To log required debug levels, simply add their numbers together as shown "
+#| "in following examples:"
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
"Para registrar los niveles de depuración requeridos, simplemente añada sus "
"números juntos como se muestra en los siguientes ejemplos:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
@@ -10346,7 +10901,7 @@ msgstr ""
"serios y datos de función use 0x0270."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
@@ -10356,15 +10911,26 @@ msgstr ""
"interno use 0x1310."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
+#, fuzzy
+#| msgid ""
+#| "<emphasis>Note</emphasis>: This is new format of debug levels introduced "
+#| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
msgstr ""
"<emphasis>Nota</emphasis>: Este es un nuevo formato de niveles de depuración "
"introducido en 1.7.0. El formato más antiguo (números de 0-10) es compatible "
"pero obsoleto."
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+#, fuzzy
+#| msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
+
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
msgid ""
@@ -10450,13 +11016,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -10466,7 +11033,6 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
@@ -10475,25 +11041,27 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "sintaxis: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
+#, fuzzy
+#| msgid ""
+#| "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
+#| "must be a valid LDAP search filter as specified by http://www.ietf.org/"
+#| "rfc/rfc2254.txt"
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
"El alcance puede ser uno de \"base\", \"onelevel\" o \"subtree\". El filtro "
"debe ser un filtro de búsqueda válido LDAP como se especifica en http://www."
"ietf.org/rfc/rfc2254.txt"
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
@@ -10502,8 +11070,7 @@ msgstr ""
"<quote>ldap_search_base</quote>"
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -10589,5 +11156,270 @@ msgstr ""
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr "Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP)"
+#~ msgid ""
+#~ "Override the login shell for all users. This option can be specified "
+#~ "globally in the [nss] section or per-domain."
+#~ msgstr ""
+#~ "Anula la shell de acceso de todos los usuarios. Esta opción puede ser "
+#~ "especificada globalmente en la sección [nss] o por dominio."
+
+#~ msgid "ldap_user_search_filter (string)"
+#~ msgstr "ldap_user_search_filter (cadena)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict user searches."
+#~ msgstr ""
+#~ "Esta opción especifica un criterio de filtro de búsqueda LDAP adicional "
+#~ "que restringe las búsquedas del usuario."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_user_search_base."
+#~ msgstr ""
+#~ "Esta opción está <emphasis>obsoleta</emphasis> en favor de la sintaxis "
+#~ "utilizada por ldap_user_search_base."
+
+#~ msgid ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+#~ msgstr ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+
+#~ msgid ""
+#~ "This filter would restrict user searches to users that have their shell "
+#~ "set to /bin/tcsh."
+#~ msgstr ""
+#~ "Este filtro restringiría las búsquedas del usuario a los usuario que "
+#~ "tengan su shell fijado en /bin/tcsh."
+
+#~ msgid "ldap_group_search_filter (string)"
+#~ msgstr "ldap_group_search_filter (cadena)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict group searches."
+#~ msgstr ""
+#~ "Esta opción especifica un criterio de filtro de búsqueda LDAP adicional "
+#~ "que restringe las búsquedas de grupo."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_group_search_base."
+#~ msgstr ""
+#~ "Esta opción está <emphasis>obsoleta</emphasis> en favor de la sintaxis "
+#~ "utilizada por ldap_user_search_base."
+
+#~ msgid ""
+#~ "If filter is given in any of search bases and "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
+#~ "will be ignored."
+#~ msgstr ""
+#~ "Si se dan filtros en alguna base de búsqueda y "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> está fijado a False, el "
+#~ "filtro será ingnorado."
+
+#~ msgid "ipa_hbac_support_srchost (boolean)"
+#~ msgstr "ipa_hbac_support_srchost (boolean)"
+
+#~ msgid ""
+#~ "If this is set to false, then srchost as given to SSSD by PAM will be "
+#~ "ignored."
+#~ msgstr ""
+#~ "Si se fija a false, el host fuente dado a SSSD por PAM será ignorado."
+
+#~ msgid ""
+#~ "Note that if set to <emphasis>False</emphasis>, this option casuses "
+#~ "filters given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
+#~ msgstr ""
+#~ "Advierta que si la fija a <emphasis>False</emphasis>, esta opción causa "
+#~ "que los filtros dados en <emphasis>ipa_host_search_base</emphasis> sean "
+#~ "ignorados;"
+
+#~ msgid "ipa_netgroup_member_of (string)"
+#~ msgstr "ipa_netgroup_member_of (cadena)"
+
+#~ msgid "The LDAP attribute that lists netgroup's memberships."
+#~ msgstr "El atributo LDAP que lista los afiliados del grupo de red."
+
+#~ msgid "ipa_netgroup_member_user (string)"
+#~ msgstr "ipa_netgroup_member_user (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists system users and groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "El atributo LDAP que lista los usuarios del sistema y grupos que son "
+#~ "miembros directos del grupo de red."
+
+#~ msgid "Default: memberUser"
+#~ msgstr "Predeterminado: memberUser"
+
+#~ msgid "ipa_netgroup_member_host (string)"
+#~ msgstr "ipa_netgroup_member_host (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists hosts and host groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "El atributo LDAP que lista los host y grupos de host que son miembros "
+#~ "directos del grupo de red."
+
+#~ msgid "Default: memberHost"
+#~ msgstr "Predeterminado: memberHost"
+
+#~ msgid "ipa_netgroup_member_ext_host (string)"
+#~ msgstr "ipa_netgroup_member_ext_host (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "El atributo LDAP que lista los FQDNs de host y grupos de host que son "
+#~ "miembros del grupo de red."
+
+#~ msgid "Default: externalHost"
+#~ msgstr "Predeterminado: externalHost"
+
+#~ msgid "ipa_netgroup_domain (string)"
+#~ msgstr "ipa_netgroup_domain (cadena)"
+
+#~ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+#~ msgstr ""
+#~ "El atributo LDAP que contiene el nombre de dominio NIS del grupo de red."
+
+#~ msgid "Default: nisDomainName"
+#~ msgstr "Predeterminado: nisDomainName"
+
+#~ msgid "ipa_host_object_class (string)"
+#~ msgstr "ipa_host_object_class (cadena)"
+
+#~ msgid "The object class of a host entry in LDAP."
+#~ msgstr "El objeto clase de una entrada host en LDAP."
+
+#~ msgid "Default: ipaHost"
+#~ msgstr "Predeterminado: ipaHost"
+
+#~ msgid "ipa_host_fqdn (string)"
+#~ msgstr "ipa_host_fqdn (cadena)"
+
+#~ msgid "The LDAP attribute that contains FQDN of the host."
+#~ msgstr "El atributo LDAP que contiene el FQDN del host."
+
+#~ msgid "Default: fqdn"
+#~ msgstr "Por defecto: fqdn"
+
+#~ msgid "ipa_selinux_usermap_object_class (string)"
+#~ msgstr "ipa_selinux_usermap_object_class (cadena)"
+
+#~ msgid "ipa_selinux_usermap_name (string)"
+#~ msgstr "ipa_selinux_usermap_name (cadena)"
+
+#~ msgid "The LDAP attribute that contains the name of SELinux usermap."
+#~ msgstr ""
+#~ "El atributo LDAP que contiene el nombre del mapa de usuario SELinux."
+
+#~ msgid "ipa_selinux_usermap_member_user (string)"
+#~ msgstr "ipa_selinux_usermap_member_user (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all users / groups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "El atributo LDAP que contiene todos los usuarios / grupos contra los que "
+#~ "esta regla coincide."
+
+#~ msgid "ipa_selinux_usermap_member_host (string)"
+#~ msgstr "ipa_selinux_usermap_member_host (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "El atributo LDAP que contiene todos los hosts /grupos de hosts contra los "
+#~ "que esta regla coincide."
+
+#~ msgid "ipa_selinux_usermap_see_also (string)"
+#~ msgstr "ipa_selinux_usermap_see_also (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+#~ "matching instead of memberUser and memberHost"
+#~ msgstr ""
+#~ "El atributo LDAP que contiene la regla DN de HBAC que puede ser usada en "
+#~ "lugar de memberUser o memberHost"
+
+#~ msgid "Default: seeAlso"
+#~ msgstr "Por defecto: seeAlso"
+
+#~ msgid "ipa_selinux_usermap_selinux_user (string)"
+#~ msgstr "ipa_selinux_usermap_selinux_user (cadena)"
+
+#~ msgid "The LDAP attribute that contains SELinux user string itself."
+#~ msgstr "El atributo LDAP que contiene la cadena de usuario SELinux mismo."
+
+#~ msgid "Default: ipaSELinuxUser"
+#~ msgstr "Por defecto: ipaSELinuxUser"
+
+#~ msgid "ipa_selinux_usermap_enabled (string)"
+#~ msgstr "ipa_selinux_usermap_enabled (cadena)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains whether or not is user map enabled for "
+#~ "usage."
+#~ msgstr ""
+#~ "El atributo LDAP que contiene si el mapa de usuario está o no habilitado "
+#~ "para utilización."
+
+#~ msgid "Default: ipaEnabledFlag"
+#~ msgstr "Por defecto: ipaEnabledFlag"
+
+#~ msgid "ipa_selinux_usermap_user_category (string)"
+#~ msgstr "ipa_selinux_usermap_user_category (cadena)"
+
+#~ msgid "The LDAP attribute that contains user category such as 'all'."
+#~ msgstr "El atributo LDAP que contiene la categoría del usuario como ‘all’."
+
+#~ msgid "Default: userCategory"
+#~ msgstr "Por defecto: userCategory"
+
+#~ msgid "ipa_selinux_usermap_host_category (string)"
+#~ msgstr "ipa_selinux_usermap_host_category (cadena)"
+
+#~ msgid "The LDAP attribute that contains host category such as 'all'."
+#~ msgstr "El atributo LDAP que contiene la categoría del host como ‘all’."
+
+#~ msgid "Default: hostCategory"
+#~ msgstr "Por defecto: hostCategory"
+
+#~ msgid "ipa_selinux_usermap_uuid (string)"
+#~ msgstr "ipa_selinux_usermap_uuid (cadena)"
+
+#~ msgid "The LDAP attribute that contains unique ID of the user map."
+#~ msgstr "El atributo LDAP que contiene la ID única del mapa de usuario."
+
+#~ msgid "Default: ipaUniqueID"
+#~ msgstr "Por defecto: ipaUniqueID"
+
+#~ msgid "ipa_host_ssh_public_key (string)"
+#~ msgstr "ipa_host_ssh_public_key (cadena)"
+
+#~ msgid "The LDAP attribute that contains the host's SSH public keys."
+#~ msgstr "El atributo LDAP que contiene las claves públicas SSH del host."
+
+#~ msgid "Default: ipaSshPubKey"
+#~ msgstr "Por defecto: ipaSshPubKey"
+
+#~ msgid ""
+#~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+#~ "default value as well as the lowest allowed value, 0xFFF0 is the most "
+#~ "verbose mode. This setting overrides the settings from config file."
+#~ msgstr ""
+#~ "Bit de máscara que indica que niveles de depuración serán visibles. "
+#~ "0x0010 es el valor por defecto así como el valor más bajo permitido, "
+#~ "0xFFF0 es el modo más verboso. Este ajuste anula los ajustes del fichero "
+#~ "de configuración."
+
#~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgstr "Predeterminado: FILE:%d/krb5cc_%U_XXXXXX"
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index 8bcdab4a1..d737c1bb6 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.8.95\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2012-07-18 21:31+0300\n"
"Last-Translator: Automatically generated\n"
"Language-Team: none\n"
@@ -23,7 +23,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr ""
@@ -56,13 +56,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr ""
@@ -75,7 +75,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -120,18 +120,19 @@ msgstr ""
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
@@ -189,75 +190,160 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+msgid "GENERAL OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -267,19 +353,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -287,12 +373,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -300,58 +386,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -360,7 +446,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -368,52 +454,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -423,22 +509,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -449,12 +534,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -463,82 +548,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -548,17 +573,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -566,18 +591,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -586,41 +612,54 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -628,7 +667,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -638,7 +677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -647,17 +686,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -665,17 +704,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -684,251 +723,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -936,59 +975,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -996,7 +1035,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1005,17 +1044,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1023,63 +1062,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1087,51 +1126,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1143,7 +1182,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1154,24 +1193,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1179,12 +1218,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1193,24 +1232,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1219,47 +1258,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1271,14 +1310,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1287,39 +1326,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1328,149 +1367,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1479,17 +1529,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1498,33 +1548,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1532,8 +1582,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1542,8 +1592,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1551,19 +1601,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1572,7 +1622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1580,17 +1630,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1598,19 +1648,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1618,7 +1668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1626,30 +1676,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1657,19 +1707,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1678,24 +1728,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1703,7 +1753,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1711,35 +1761,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1747,23 +1797,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1771,7 +1835,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1779,31 +1843,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1811,23 +1875,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1835,7 +1899,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1843,24 +1907,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1868,12 +1932,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1883,7 +1947,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1892,29 +1956,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1922,7 +1986,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1930,66 +1994,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1997,62 +2061,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2061,54 +2125,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2116,29 +2180,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2146,19 +2210,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2166,73 +2230,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2240,17 +2304,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2259,17 +2323,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2277,17 +2341,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2295,18 +2359,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2336,7 +2400,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2349,6 +2413,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2377,8 +2446,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2469,15 +2538,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2677,7 +2746,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2737,7 +2806,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2754,7 +2823,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2764,14 +2833,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3040,21 +3109,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3063,24 +3186,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3088,54 +3211,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3143,14 +3265,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3158,17 +3280,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3176,14 +3298,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3191,94 +3313,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3286,17 +3433,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3304,14 +3451,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3319,7 +3466,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3328,18 +3475,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3347,172 +3494,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3520,7 +3667,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3528,12 +3675,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3541,12 +3688,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3557,12 +3704,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3570,12 +3717,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3584,34 +3731,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3619,14 +3766,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3634,17 +3781,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3654,12 +3801,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3667,17 +3814,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3685,13 +3832,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3700,7 +3847,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3708,26 +3855,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3735,7 +3882,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3743,7 +3890,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3751,41 +3898,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3794,32 +3941,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3827,24 +3974,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3852,17 +3999,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3873,29 +4020,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3904,17 +4051,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3922,49 +4069,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3972,27 +4119,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4004,7 +4151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4012,7 +4159,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4020,39 +4167,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4062,7 +4209,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4070,26 +4217,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4097,32 +4244,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4131,88 +4285,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4221,24 +4376,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4246,19 +4401,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4267,7 +4422,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4275,7 +4430,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4284,7 +4439,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4292,108 +4447,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4404,7 +4559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4422,213 +4577,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4636,106 +4791,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4744,168 +4894,130 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4913,7 +5025,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4921,7 +5033,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4934,20 +5046,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4980,11 +5092,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -4992,34 +5104,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5027,56 +5139,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5084,7 +5208,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5096,7 +5220,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5108,6 +5232,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5120,7 +5249,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5250,7 +5379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5295,6 +5424,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5382,7 +5516,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5397,7 +5531,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5412,12 +5546,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5438,12 +5572,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5468,7 +5602,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5485,12 +5619,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5498,12 +5632,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5522,19 +5656,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5564,101 +5698,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5666,12 +5791,57 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+msgid "Default: try"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5679,17 +5849,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5697,12 +5867,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5711,342 +5881,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6054,7 +5952,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6066,7 +5964,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6074,7 +5972,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6088,6 +5986,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6135,7 +6038,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6154,44 +6057,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6201,12 +6113,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6214,19 +6126,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6236,8 +6148,163 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+msgid "Default: permissive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6248,29 +6315,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6278,7 +6345,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6293,7 +6360,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6302,7 +6369,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6310,7 +6377,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6375,20 +6442,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6404,20 +6492,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6428,7 +6516,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6437,7 +6525,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6448,7 +6536,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6459,7 +6547,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6467,37 +6555,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6684,6 +6772,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6941,6 +7036,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7039,106 +7139,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7151,7 +7247,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7160,7 +7256,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7170,17 +7266,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
msgid "Default: (from libkrb5)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7188,7 +7284,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7199,36 +7295,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7236,91 +7332,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7328,81 +7424,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7416,7 +7485,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7425,7 +7494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -7989,6 +8058,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8170,7 +8393,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8320,13 +8543,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8335,7 +8600,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8343,7 +8608,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8352,7 +8617,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8360,7 +8625,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8373,13 +8638,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8387,7 +8652,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8395,24 +8660,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8422,24 +8687,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8449,30 +8714,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8480,36 +8769,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8518,6 +8807,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8536,104 +8896,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8709,13 +9083,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8723,37 +9098,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 56d8d3956..8774fcc06 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-29 13:10+0000\n"
"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
@@ -27,7 +27,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Pages de manuel de SSSD"
@@ -63,13 +63,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "DESCRIPTION"
@@ -84,7 +84,7 @@ msgstr ""
"changements spécifiés sur la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -138,18 +138,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Formats de fichier et conventions"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "Le fichier de configuration pour SSSD"
@@ -227,26 +228,115 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "OPTIONS AVANCÉES"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "Ajoute un horodatage aux messages de débogage"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Par défaut : true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr "Ajouter les microsecondes à l'horodatage dans les messages de débogage"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Par défaut : false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
+"s'assurer que le processus est toujours actif et capable de répondre."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Par défaut : 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "SECTIONS SPÉCIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "La section [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Paramètres de sections"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -255,12 +345,12 @@ msgstr ""
"supérieure utiliser la version 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -268,12 +358,18 @@ msgstr ""
"lance."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
+#, fuzzy
+#| msgid ""
+#| "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+#| "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+#| "condition=\"with_ssh\">, ssh</phrase> <phrase condition="
+#| "\"with_pac_responder\">, pac</phrase>"
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
"Les services pris en charge : nss, pam <phrase condition=\"with_sudo\">, "
"sudo</phrase> <phrase condition=\"with_autofs\"> autofs</phrase> <phrase "
@@ -281,12 +377,12 @@ msgstr ""
"\">, pac</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -296,17 +392,17 @@ msgstr ""
"d'abandonner"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Par défaut : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domaines"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -322,12 +418,12 @@ msgstr ""
"caractères soulignés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -336,7 +432,7 @@ msgstr ""
"contenant le nom d'utilisateur et de domaine dans ces composants."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -348,12 +444,12 @@ msgstr ""
"expressions régulières."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -365,33 +461,33 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr "nom d'utilisateur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
"nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -401,7 +497,7 @@ msgstr ""
"d'approbation IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -410,7 +506,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -419,12 +515,12 @@ msgstr ""
"Voir les SECTIONS DOMAINE pour plus d'informations sur cette option."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -437,7 +533,7 @@ msgstr ""
"secondes si inotify échoue."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -447,7 +543,7 @@ msgstr ""
"conseillée. Dans ces rares cas, cette option devrait être définie à « false »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -456,7 +552,7 @@ msgstr ""
"sur les autres plates-formes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -466,12 +562,12 @@ msgstr ""
"utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -480,7 +576,7 @@ msgstr ""
"de rejeu Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -490,7 +586,7 @@ msgstr ""
"relecture."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -499,12 +595,12 @@ msgstr ""
"la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -520,7 +616,7 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
@@ -530,15 +626,14 @@ msgstr ""
"user@domain.name, pour se connecter."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -555,12 +650,12 @@ msgstr ""
"l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "SECTIONS DE SERVICES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -573,84 +668,22 @@ msgstr ""
"section doit être <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "Options générales de configuration de service"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "Ces options peuvent être utilisées pour configurer les services."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (entier)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (booléen)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "Ajoute un horodatage aux messages de débogage"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Par défaut : true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr "debug_microseconds (booléen)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr "Ajouter les microsecondes à l'horodatage dans les messages de débogage"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Par défaut : false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (entier)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
-"s'assurer que le processus est toujours actif et capable de répondre."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Par défaut : 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -665,17 +698,17 @@ msgstr ""
"valeur inférieure ou la limite « hard » de limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -687,18 +720,19 @@ msgstr ""
"ressources sur le système."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Par défaut : 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr "force_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -712,13 +746,28 @@ msgstr ""
"<quote>force_timeout</quote> secondes, le moniteur sera arrêté violemment à "
"l'aide d'un signal SIGKILL."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "force_timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "force_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "Options de configuration NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -726,12 +775,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -740,17 +789,17 @@ msgstr ""
"énumérations (requêtes sur les informations de tous les utilisateurs)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Par défaut : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -761,7 +810,7 @@ msgstr ""
"valeur de entry_cache_timeout pour le domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -777,7 +826,7 @@ msgstr ""
"cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -790,17 +839,17 @@ msgstr ""
"de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "Par défaut : 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -812,17 +861,17 @@ msgstr ""
"appel au moteur."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Par défaut : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -836,17 +885,17 @@ msgstr ""
"certain domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Par défaut : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -854,12 +903,12 @@ msgstr ""
"membres de groupes."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -868,7 +917,7 @@ msgstr ""
"explicitement spécifié par le fournisseur de données du domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -876,54 +925,64 @@ msgstr ""
"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
-#, no-wrap
+#: sssd.conf.5.xml:531
+#, fuzzy, no-wrap
+#| msgid ""
+#| "override_homedir = /home/%u\n"
+#| " "
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
"override_homedir = /home/%u\n"
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Par défaut : non défini (aucune substitution pour les répertoires d'accueil "
"non définis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr "override_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
-"Substitue l'interpréteur de commandes pour tous les utilisateurs. Cette "
-"option peut être spécifiée à l'échelle globale dans la section [nss] ou par "
-"domaine."
+"L'interpréteur de commande par défaut à utiliser si le fournisseur n'en "
+"donne pas un lors de la recherche. Cette option prend le pas sur toutes les "
+"autres options de shell si elle prend effet, et peut être positionnée soit "
+"dans la section [nss], soit par domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr "allowed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -931,14 +990,14 @@ msgstr ""
"indiquées. L'ordre d'évaluation est :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
"quote>, il est utilisé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -948,7 +1007,7 @@ msgstr ""
"shell_fallback » sera utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -957,14 +1016,14 @@ msgstr ""
"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est "
"à la libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -974,31 +1033,31 @@ msgstr ""
"est installé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
"utilisé automatiquement."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
"Remplace toutes les occurences de ces interpréteurs de commandes par "
"l'interpréteur de commandes par défaut"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr "shell_fallback (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1006,21 +1065,25 @@ msgstr ""
"commandes autorisé n'est pas installé sur la machine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "Par défaut : /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
"L'interpréteur de commande par défaut à utiliser si le fournisseur n'en "
"donne pas un lors de la recherche. Cette option prend le pas sur toutes les "
@@ -1028,7 +1091,7 @@ msgstr ""
"dans la section [nss], soit par domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1038,12 +1101,12 @@ msgstr ""
"nécessaire, habituellement /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1052,12 +1115,12 @@ msgstr ""
"jugée valide."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
@@ -1066,17 +1129,17 @@ msgstr ""
"mémoire seront valides"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Par défaut : 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr "Options de configuration de PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1085,12 +1148,12 @@ msgstr ""
"Module (PAM)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1100,17 +1163,17 @@ msgstr ""
"connexion réussie)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Par défaut : 0 (pas de limite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1119,12 +1182,12 @@ msgstr ""
"échouées sont autorisées."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1134,7 +1197,7 @@ msgstr ""
"soit possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1145,17 +1208,17 @@ msgstr ""
"connexion réussie en ligne peut réactiver l'authentification."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Par défaut : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1165,44 +1228,44 @@ msgstr ""
"affichés sera important."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "Actuellement sssd supporte les valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis> : afficher tous les messages et informations de "
"débogage"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Par défaut : 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1214,7 +1277,7 @@ msgstr ""
"les dernières informations."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1228,17 +1291,17 @@ msgstr ""
"fournisseur d'identité."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1249,7 +1312,7 @@ msgstr ""
"ne peut afficher de message d'alerte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1259,7 +1322,7 @@ msgstr ""
"sera automatiquement affiché."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1268,28 +1331,28 @@ msgstr ""
"<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Par défaut : 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr "Options de configuration de SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le service sudo."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1298,22 +1361,22 @@ msgstr ""
"les entrées sudoers sensibles au temps."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr "Options de configuration AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr "Ces options peuvent être utilisées pour configurer le service autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1325,23 +1388,23 @@ msgstr ""
"moteur."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr "Options de configuration SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le service SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1349,12 +1412,12 @@ msgstr ""
"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1363,17 +1426,17 @@ msgstr ""
"known_hosts géré après que ses clés de système ont été demandés."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr "Par défaut : 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr "Options de configuration du répondeur PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1392,7 +1455,7 @@ msgstr ""
"décodées et évaluées, les opérations suivantes sont effectuées :"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1410,7 +1473,7 @@ msgstr ""
"default_shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1419,19 +1482,19 @@ msgstr ""
"ajouté à ces groupes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le répondeur "
"PAC."
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1442,14 +1505,14 @@ msgstr ""
"seront résolus en UID au démarrage."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
"PAC)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1462,17 +1525,17 @@ msgstr ""
"0 à la liste des UID d'utilisateurs autorisés."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "SECTIONS DOMAINES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1481,7 +1544,7 @@ msgstr ""
"dehors de ces limites, elle est ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1494,7 +1557,7 @@ msgstr ""
"qui sont dans la plage seront rapportés comme prévu."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1503,17 +1566,17 @@ msgstr ""
"pas seulement leur recherche par nom ou identifiant."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1522,23 +1585,23 @@ msgstr ""
"valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = utilisateurs et groupes sont énumérés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = aucune énumération pour ce domaine"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Par défaut : FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1559,7 +1622,7 @@ msgstr ""
"être recalculées."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1569,7 +1632,7 @@ msgstr ""
"l'énumération ne se termine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1583,7 +1646,7 @@ msgstr ""
"fournisseur d'identité spécifique utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1592,34 +1655,34 @@ msgstr ""
"déconseillée, surtout dans les environnements de grande taille."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "subdomain_homedir (string)"
msgid "subdomain_enumerate (string)"
msgstr "subdomain_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1628,17 +1691,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "Par défaut : aucun"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1647,17 +1710,28 @@ msgstr ""
"comme valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Par défaut : 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1666,18 +1740,18 @@ msgstr ""
"d'utilisateurs comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr "Par défaut : entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1686,12 +1760,12 @@ msgstr ""
"groupes comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1700,12 +1774,12 @@ msgstr ""
"netgroup comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1714,12 +1788,12 @@ msgstr ""
"service valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -1728,12 +1802,12 @@ msgstr ""
"valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -1742,12 +1816,12 @@ msgstr ""
"cartes d'automontage comme valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
@@ -1757,42 +1831,42 @@ msgstr ""
"actuellement pris en charge."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr "Par défaut : 0 (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Détermine si les données d'identification de l'utilisateur sont aussi mis en "
"cache dans le cache LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Les informations d'identification utilisateur sont stockées dans une table "
"de hachage SHA512, et non en texte brut"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1805,17 +1879,17 @@ msgstr ""
"paramètre doit être supérieur ou égal à offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Par défaut : 0 (illimité)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1828,17 +1902,17 @@ msgstr ""
"fournisseur oauth doit être configuré pour le moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -1846,18 +1920,18 @@ msgstr ""
"d'identification pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
"<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1869,8 +1943,8 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1883,8 +1957,8 @@ msgstr ""
"configuration de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1896,12 +1970,12 @@ msgstr ""
"d'Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -1911,7 +1985,7 @@ msgstr ""
"communiqué à NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1925,7 +1999,7 @@ msgstr ""
"trouve."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1933,17 +2007,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1954,12 +2028,12 @@ msgstr ""
"traitement des appels de recherche de groupes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1968,7 +2042,7 @@ msgstr ""
"pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1980,7 +2054,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1991,7 +2065,7 @@ msgstr ""
"citerefentry> pour plus d'informations sur la configuration de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -1999,12 +2073,12 @@ msgstr ""
"PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> désactive l'authentification explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2013,12 +2087,12 @@ msgstr ""
"gérer les requêtes d'authentification."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2029,7 +2103,7 @@ msgstr ""
"installés). Les fournisseurs internes spécifiques sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2038,12 +2112,12 @@ msgstr ""
"d'accès autorisé pour un domaine local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> toujours refuser les accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2056,17 +2130,17 @@ msgstr ""
"d'informations sur la configuration du module d'accès simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "Par défaut : <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr "chpass_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2075,7 +2149,7 @@ msgstr ""
"domaine. Les fournisseurs pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2087,7 +2161,7 @@ msgstr ""
"configuration LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2099,7 +2173,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2107,14 +2181,14 @@ msgstr ""
"autre cible PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> pour désactiver explicitement le changement de mot de "
"passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2123,19 +2197,19 @@ msgstr ""
"peut gérer les changements de mot de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr "sudo_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en "
"charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2147,25 +2221,39 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> désactive explicitement SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle "
"est définie."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr "selinux_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2176,7 +2264,7 @@ msgstr ""
"fournisseur d'accès. Les fournisseurs selinux pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2188,14 +2276,14 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> n'autorise pas la récupération explicite des paramètres "
"selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2204,12 +2292,12 @@ msgstr ""
"gérer le chargement selinux"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2219,7 +2307,7 @@ msgstr ""
"fournisseurs de sous-domaine pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2231,18 +2319,18 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
"<quote>none</quote> désactive la récupération explicite des sous-domaines."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr "autofs_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2250,7 +2338,7 @@ msgstr ""
"en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2262,7 +2350,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2274,17 +2362,17 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> désactive explicitement autofs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr "hostid_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2293,7 +2381,7 @@ msgstr ""
"systèmes. Les fournisseurs de hostid pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2305,12 +2393,12 @@ msgstr ""
"configuration de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> désactive explicitement hostid."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2326,7 +2414,7 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2339,22 +2427,22 @@ msgstr ""
"styles différents pour les noms d'utilisateurs :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr "username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr "domain\\username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2364,7 +2452,7 @@ msgstr ""
"utilisateurs de domaines Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2375,7 +2463,7 @@ msgstr ""
"importe le domaine après »"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2387,7 +2475,7 @@ msgstr ""
"prendre en charge les sous-motifs nommés multiples."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2396,17 +2484,17 @@ msgstr ""
"la syntaxe Python (?P&lt;name&gt;) pour nommer les sous-motifs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2415,48 +2503,48 @@ msgstr ""
"utiliser pour effectuer les requêtes DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "Valeurs prises en charge :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, "
"essayer IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter "
"IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "Par défaut : ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2467,18 +2555,18 @@ msgstr ""
"domaine continuera à opérer en mode déconnecté."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Par défaut : 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2487,29 +2575,29 @@ msgstr ""
"du domaine faisant partie de la requête DNS de découverte de services."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Par défaut : utiliser la partie du domaine qui est dans le nom de système de "
"la machine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr "override_gid (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -2518,17 +2606,17 @@ msgstr ""
"Actuellement, cette option n'est pas supportée dans le fournisseur local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr "Par défaut : True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr "proxy_fast_alias (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2542,28 +2630,35 @@ msgstr ""
"afin d'améliorer les performances."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr "nom plat (NetBIOS) d'un sous-domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
-msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+#: sssd.conf.5.xml:1821
+#, fuzzy
+#| msgid ""
+#| "Use this homedir as default value for all subdomains within this domain. "
+#| "See <emphasis>override_homedir</emphasis> for info about possible values. "
+#| "In addition to those, the expansion below can only be used with "
+#| "<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
"Utiliser ce répertoire utilisateur comme valeur par défaut pour tous les "
"sous-domaines dans ce domaine. Voir <emphasis>override_homedir</emphasis> "
@@ -2573,7 +2668,7 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -2581,17 +2676,17 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Par défaut : <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr "realmd_tags (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -2599,7 +2694,7 @@ msgstr ""
"ce domaine."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2611,17 +2706,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr "Le proxy cible duquel PAM devient mandataire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2630,12 +2725,12 @@ msgstr ""
"ou en créer une nouvelle et ajouter le nom de service ici."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2646,7 +2741,7 @@ msgstr ""
"$(libName)_$(function), par exemple _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2655,12 +2750,12 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "La section du domaine local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2671,29 +2766,29 @@ msgstr ""
"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
"outils en espace utilisateur SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Par défaut : <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2702,17 +2797,17 @@ msgstr ""
"replaceable> et l'utilisent comme dossier personnel."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "Par défaut : <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2721,17 +2816,17 @@ msgstr ""
"utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Par défaut : TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2740,12 +2835,12 @@ msgstr ""
"suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2756,17 +2851,17 @@ msgstr ""
"défaut sur un répertoire personnel nouvellement créé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Par défaut : 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2779,17 +2874,17 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Par défaut : <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2800,17 +2895,17 @@ msgstr ""
"précisé, la valeur par défaut est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Par défaut : <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2821,18 +2916,18 @@ msgstr ""
"code en retour de la commande n'est pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "Par défaut : None, aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2886,7 +2981,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2903,6 +2998,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2945,8 +3045,8 @@ msgstr ""
"en tant que fournisseur d'accès."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPTIONS DE CONFIGURATION"
@@ -3056,8 +3156,8 @@ msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr "La portée peut être l'une des « base », « onelevel » ou « subtree »."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
@@ -3066,7 +3166,7 @@ msgstr ""
"http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "Exemples :"
@@ -3297,7 +3397,7 @@ msgstr ""
"L'attribut LDAP correspondant à l'id du groupe primaire de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr "Par défaut : gidNumber"
@@ -3361,7 +3461,7 @@ msgstr ""
"L'attribut LDAP qui contient les UUID/GUID d'un objet LDAP utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "Par défaut : nsUniqueId"
@@ -3380,7 +3480,7 @@ msgstr ""
"n'est habituellement nécessaire que pour les serveurs Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
"Par défaut : objectSid pour ActiveDirectory, indéfini pour les autres "
@@ -3392,7 +3492,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3401,7 +3501,7 @@ msgstr ""
"l'objet parent."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "Par défaut : modifyTimestamp"
@@ -3717,21 +3817,77 @@ msgstr "Par défaut : krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (chaînes)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3744,12 +3900,12 @@ msgstr ""
"utiliser un nom de domaine en majuscules."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -3758,12 +3914,12 @@ msgstr ""
"d'actualiser son cache d\"énumération d'enregistrements."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3774,56 +3930,55 @@ msgstr ""
"jamais connectés) et de suppression pour économiser de l'espace."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Mettre cette option à zéro désactive l'opération de nettoyage du cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Par défaut : 1800 (12 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "Par défaut : cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
"L'attribut LDAP énumérant les groupes auquel appartient un utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr "Par défaut : memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3834,7 +3989,7 @@ msgstr ""
"l'utilisateur pour déterminer les autorisations d'accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3843,7 +3998,7 @@ msgstr ""
"autorisation explicite (svc) et enfin allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3854,17 +4009,17 @@ msgstr ""
"l'option ldap_user_authorized_service de fonctionner."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr "Par défaut : authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3875,7 +4030,7 @@ msgstr ""
"déterminer les autorisations d'accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3884,7 +4039,7 @@ msgstr ""
"autorisations explicites (host) et enfin toutes les autorisations (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3895,77 +4050,77 @@ msgstr ""
"ldap_user_authorized_host de fonctionner."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr "Par défaut : host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr "La classe d'objet d'une entrée de groupe dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "Par défaut : posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr "L'attribut LDAP correspondant au nom du groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "L'attribut LDAP correspondant à l'identifiant de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "L'attribut LDAP contenant les noms des membres du groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "L'attribut LDAP contenant les UUID/GUID d'un objet groupe LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr "ldap_group_objectsid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
@@ -3974,17 +4129,46 @@ msgstr ""
"n'est habituellement nécessaire que pour les serveurs Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+#, fuzzy
+#| msgid "The LDAP attribute that contains the names of the group's members."
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr "L'attribut LDAP contenant les noms des membres du groupe."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3996,17 +4180,17 @@ msgstr ""
"schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "Par défaut : 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4018,7 +4202,7 @@ msgstr ""
"complexes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4028,7 +4212,7 @@ msgstr ""
"imbrications très complexes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4039,7 +4223,7 @@ msgstr ""
"essentiellement « auto-detect »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4052,18 +4236,18 @@ msgstr ""
"documentation de MSDN(TM)</ulink> pour plus de détails."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr "Par défaut : False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4075,71 +4259,71 @@ msgstr ""
"complexes)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objet d'une entrée de netgroup dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la "
"place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr "Par défaut : nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'attribut LDAP correspondant au nom du netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'attribut LDAP contenant les noms des membres du netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr "Par défaut : memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4147,59 +4331,59 @@ msgstr ""
"netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "Par défaut : nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr "L'attribut LDAP contenant les UUID/GUID d'un objet netgroup LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_uuid doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr "La classe d'objet d'une entrée de service LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr "Par défaut : ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4208,48 +4392,48 @@ msgstr ""
"alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "L'attribut LDAP qui contient le port géré par ce service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr "Par défaut : ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "L'attribut LDAP qui contient les protocoles compris par ce service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr "Par défaut : ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4260,7 +4444,7 @@ msgstr ""
"activation du mode hors ligne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4271,12 +4455,12 @@ msgstr ""
"différents types de recherches."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4287,12 +4471,12 @@ msgstr ""
"résultats mis en cache (et activation du mode hors ligne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4309,12 +4493,12 @@ msgstr ""
"citerefentry> rendent la main en cas d'inactivité."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4325,12 +4509,12 @@ msgstr ""
"contrôler le délai de communication avec le KDC dans le cas d'un appel SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4343,17 +4527,17 @@ msgstr ""
"courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr "Par défaut : 900 (15 minutes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4362,17 +4546,17 @@ msgstr ""
"Certains serveurs LDAP imposent une limite maximale par requête."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr "Par défaut : 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4384,7 +4568,7 @@ msgstr ""
"correctement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4394,7 +4578,7 @@ msgstr ""
"sera impossible de l'utiliser."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4405,17 +4589,17 @@ msgstr ""
"cela peut entraîner l'échec de certaines demandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr "Désactiver la récupération de plage Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4431,12 +4615,12 @@ msgstr ""
"apparaissant ainsi sans aucun membre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4447,19 +4631,19 @@ msgstr ""
"de cette option sont définies par OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
"par ldap.conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4470,7 +4654,7 @@ msgstr ""
"membres manquants est inférieur, ils sont recherchés individuellement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -4478,7 +4662,7 @@ msgstr ""
"affectant la valeur 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4491,7 +4675,7 @@ msgstr ""
"acceptés sont 389/RHDS, OpenLDAP et Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4502,12 +4686,12 @@ msgstr ""
"déréférencement est désactivée indépendamment de ce paramètre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4516,7 +4700,7 @@ msgstr ""
"session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4525,7 +4709,7 @@ msgstr ""
"quelconque certificat du serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4536,7 +4720,7 @@ msgstr ""
"certificat est fourni, il est ignoré et la session continue normalement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4547,7 +4731,7 @@ msgstr ""
"certificat est fourni, la session se termine immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4558,22 +4742,22 @@ msgstr ""
"immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "Par défaut : hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4582,7 +4766,7 @@ msgstr ""
"certification que <command>sssd</command> reconnaîtra."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4591,12 +4775,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4610,32 +4794,32 @@ msgstr ""
"corrects."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Définit le fichier qui contient le certificat pour la clef du client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr "Définit le fichier qui contient la clef du client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4647,12 +4831,12 @@ msgstr ""
"manvolnum></citerefentry> pour le format."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4662,12 +4846,12 @@ msgstr ""
"canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4679,19 +4863,19 @@ msgstr ""
"ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Cette fonctionnalité ne prend actuellement en charge que la correspondance "
"par objectSID avec Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (entiers)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4711,17 +4895,17 @@ msgstr ""
"identifiants."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr "Par défaut : non indiqué (les deux options sont à 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4730,12 +4914,12 @@ msgstr ""
"pris en charge."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4749,17 +4933,17 @@ msgstr ""
"exemple host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr "Par défaut : host/hostname@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4770,17 +4954,17 @@ msgstr ""
"domaine, cette option est ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr "Par défaut : la valeur de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -4789,34 +4973,34 @@ msgstr ""
"le nom de l'hôte au cours d'une liaison SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "Défaut : false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4827,27 +5011,27 @@ msgstr ""
"SASL est utilisé et que le mécanisme choisi est GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Par défaut : 86400 (24 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4867,7 +5051,7 @@ msgstr ""
"SERVICES</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4878,7 +5062,7 @@ msgstr ""
"comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4890,29 +5074,29 @@ msgstr ""
"l'utilisation de <quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -4922,12 +5106,12 @@ msgstr ""
"Kerberos > = 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4942,7 +5126,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4954,12 +5138,12 @@ msgstr ""
"localisation."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -4968,7 +5152,7 @@ msgstr ""
"valeurs suivantes sont acceptées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -4977,7 +5161,7 @@ msgstr ""
"peut pas désactiver la politique sur les mots de passe du côté serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4988,7 +5172,7 @@ msgstr ""
"manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4999,18 +5183,25 @@ msgstr ""
"chpass_provider=krb5 afin de modifier ces attributs lorsque le mot de passe "
"est changé."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "Définit si le déréférencement automatique doit être activé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5019,7 +5210,7 @@ msgstr ""
"compilé avec OpenLDAP version 2.4.13 ou supérieur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5033,29 +5224,29 @@ msgstr ""
"permettre d'améliorer de façon notable les performances."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Définit le nom de service à utiliser quand la découverte de services est "
"activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "Par défaut : ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5064,19 +5255,19 @@ msgstr ""
"un changement de mot de passe quand la découverte de services est activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Par défaut : non défini, c'est-à-dire que le service de découverte est "
"désactivé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5086,19 +5277,28 @@ msgstr ""
"de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
+#, fuzzy
+#| msgid ""
+#| "If using access_provider = ldap and ldap_access_order = filter (default), "
+#| "this option is mandatory. It specifies an LDAP search filter criteria "
+#| "that must be met for the user to be granted access on this host. If "
+#| "access_provider = ldap, ldap_access_order = filter and this option is not "
+#| "set, it will result in all users being denied access. Use "
+#| "access_provider = permit to change this default behavior."
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
"Cette option est obligatoire lors de l'utilisation de access_provider = ldap "
"et ldap_access_order = filter (qui sont les valeurs par défaut). Elle "
@@ -5109,16 +5309,20 @@ msgstr ""
"permit de changer ce comportement par défaut."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
-#, no-wrap
+#: sssd-ldap.5.xml:1833
+#, fuzzy, no-wrap
+#| msgid ""
+#| "access_provider = ldap\n"
+#| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+#| " "
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
"access_provider = ldap\n"
@@ -5126,16 +5330,20 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
+#, fuzzy
+#| msgid ""
+#| "This example means that access to this host is restricted to members of "
+#| "the \"allowedusers\" group in ldap."
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
"Cet exemple montre un accès à l'hôte restreint aux membres du groupe LDAP « "
"allowedusers »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5147,17 +5355,17 @@ msgstr ""
"Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr "Par défaut : vide"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5166,7 +5374,7 @@ msgstr ""
"être activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5178,12 +5386,12 @@ msgstr ""
"correct."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "Les valeurs suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5192,7 +5400,7 @@ msgstr ""
"pour déterminer si le compte a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5205,7 +5413,7 @@ msgstr ""
"d'expiration du compte est aussi vérifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5216,7 +5424,7 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5229,7 +5437,7 @@ msgstr ""
"est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5240,29 +5448,29 @@ msgstr ""
"ldap_account_expire_policy de fonctionner."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Liste séparées par des virgules des options de contrôles d'accès. Les "
"valeurs autorisées sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5271,18 +5479,18 @@ msgstr ""
"authorizedService pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Par défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5291,12 +5499,12 @@ msgstr ""
"de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5305,12 +5513,12 @@ msgstr ""
"recherche. Les options suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5320,7 +5528,7 @@ msgstr ""
"recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5329,7 +5537,7 @@ msgstr ""
"la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5338,7 +5546,7 @@ msgstr ""
"recherche et et la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5347,12 +5555,12 @@ msgstr ""
"bibliothèques clientes LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -5361,7 +5569,7 @@ msgstr ""
"LDAP pour les serveurs qui utilisent le schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5379,7 +5587,7 @@ msgstr ""
"initgoups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5405,57 +5613,57 @@ msgstr ""
"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr "OPTIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr "Par défaut : sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr "L'attribut LDAP qui correspond au nom de la commande."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr "Par défaut : sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5464,17 +5672,17 @@ msgstr ""
"réseau IP de l'hôte ou netgroup de l'hôte)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr "Par défaut : sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5483,32 +5691,32 @@ msgstr ""
"groupe ou netgroup de l'utilisateur)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr "Par défaut : sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "L'attribut LDAP qui correspond aux options sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr "Par défaut : sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -5517,17 +5725,17 @@ msgstr ""
"nom d'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr "Par défaut : sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5536,17 +5744,17 @@ msgstr ""
"les commandes seront être exécutées."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr "Par défaut : sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -5555,17 +5763,17 @@ msgstr ""
"règle sudo est valide."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr "Par défaut : sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -5574,32 +5782,32 @@ msgstr ""
"règle sudo ne sera plus valide."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr "Par défaut : sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr "Par défaut : sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -5609,7 +5817,7 @@ msgstr ""
"règles qui sont stockées sur le serveur)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5618,17 +5826,17 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr "Par défaut : 21600 (6 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5640,7 +5848,7 @@ msgstr ""
"cache)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -5649,12 +5857,12 @@ msgstr ""
"modifyTimestamp est utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -5664,12 +5872,12 @@ msgstr ""
"noms de systèmes)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5678,7 +5886,7 @@ msgstr ""
"doivent être utilisés pour filtrer les règles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -5687,8 +5895,8 @@ msgstr ""
"nom de système et le nom de domaine pleinement qualifié."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5697,17 +5905,17 @@ msgstr ""
"emphasis>, alors cette option n'a aucun effet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr "Par défaut : non spécifié"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5716,7 +5924,7 @@ msgstr ""
"IPv6 qui doivent être utilisés pour filtrer les règles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5725,12 +5933,12 @@ msgstr ""
"automatiquement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -5739,12 +5947,12 @@ msgstr ""
"netgroup dans l'attribut sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -5753,12 +5961,7 @@ msgstr ""
"un joker dans l'attribut sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5771,12 +5974,12 @@ msgstr ""
"manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr "OPTIONS AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
@@ -5785,48 +5988,69 @@ msgstr ""
"qui est RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_autofs_map_name (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_autofs_map_name (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+#, fuzzy
+#| msgid "The name of an automount map entry in LDAP."
+msgid "The name of the automount master map in LDAP."
+msgstr "Le nom d'une entrée de table de montage automatique dans LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: sudoUser"
+msgid "Default: auto.master"
+msgstr "Par défaut : sudoUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
"La classe d'objet d'une entrée de table de montage automatique dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr "Par défaut : automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr "Le nom d'une entrée de table de montage automatique dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr "Par défaut : ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -5835,22 +6059,28 @@ msgstr ""
"généralement à un point de montage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr "Par défaut : automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
+#, fuzzy
+#| msgid ""
+#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+#| "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+#| "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+#| "\"variablelist\" id=\"4\"/>"
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5858,102 +6088,37 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "OPTIONS AVANCÉES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr "ldap_user_search_filter (chaînes)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-"Cette option définit un filtre de recherche LDAP supplémentaire qui "
-"restreint les recherches utilisateur."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-"Cette option est <emphasis>déconseillée</emphasis> en faveur de la syntaxe "
-"utilisée par ldap_user_search_base."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-"Ce filtre restreindrait les recherches aux seuls utilisateurs qui ont leur "
-"interpréteur de commande défini en /bin/tcsh."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr "ldap_group_search_filter (chaînes)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-"Cette option définit un filtre de recherche LDAP supplémentaire qui "
-"restreint les recherches de groupe."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-"Cette option est <emphasis>déconseillée</emphasis> en faveur de la syntaxe "
-"utilisée par ldap_group_search_base."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5965,7 +6130,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5976,7 +6141,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -5996,20 +6161,20 @@ msgstr ""
" cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6042,13 +6207,21 @@ msgstr "Module PAM pour SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -6058,7 +6231,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6069,22 +6242,22 @@ msgstr ""
"<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr "Supprimer les messages de journal pour les utilisateurs inconnus."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6093,12 +6266,12 @@ msgstr ""
"inséré en mémoire pour les autres modules PAM utilisés."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6110,12 +6283,12 @@ msgstr ""
"l'utilisateur verra son accès refusé."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6124,12 +6297,12 @@ msgstr ""
"passe par celui fourni par un module de mot de passe déjà chargé en mémoire."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6138,7 +6311,7 @@ msgstr ""
"l'authentification échoue. Par défaut : 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6149,13 +6322,27 @@ msgstr ""
"l'utilisateur. Un exemple typique est <command>sshd</command> avec "
"<option>PasswordAuthentication</option>."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "TYPES DE MODULES FOURNIS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6164,12 +6351,12 @@ msgstr ""
"<option>password</option> et <option>session</option>) sont fournis."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "FICHIERS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6181,7 +6368,7 @@ msgstr ""
"exemple, contenir les instructions permettant la réinitialisation."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6201,7 +6388,7 @@ msgstr ""
"utilisateurs doivent avoir les autorisations en lecture seule."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6216,8 +6403,28 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
+#, fuzzy
+#| msgid ""
+#| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> "
+#| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the "
+#| "Kerberos libraries what Realm and which KDC to use. Typically this is "
+#| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+#| "Kerberos libraries. To simplify the configuration the Realm and the KDC "
+#| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+#| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>"
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
@@ -6228,7 +6435,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
"Le greffon de localisation Kerberos <command>sssd_krb5_locator_plugin</"
@@ -6409,7 +6616,7 @@ msgstr ""
"pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6470,6 +6677,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -6594,7 +6806,7 @@ msgstr ""
"identifier l'hôte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (booléen)"
@@ -6614,7 +6826,7 @@ msgstr ""
"l'utilisation de l'option <quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6636,12 +6848,12 @@ msgstr ""
"configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6668,12 +6880,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Par défaut : 1200 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -6705,7 +6917,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "Active les sites DNS - découverte de service basée sur l'emplacement"
@@ -6730,12 +6942,12 @@ msgstr ""
"seront utilisés comme serveurs de repli"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6747,12 +6959,12 @@ msgstr ""
"configurée à true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6777,12 +6989,12 @@ msgid "Default: False (disabled)"
msgstr "Par défaut : False (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -6791,7 +7003,7 @@ msgstr ""
"communication avec le serveur DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
@@ -6825,7 +7037,7 @@ msgstr ""
"des objets."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -6833,83 +7045,71 @@ msgstr ""
"Cf. <quote>ldap_search_base</quote> pour plus d'informations sur la "
"configuration des bases de recherche multiples."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-"Si le filtre est donné dans l'une des bases de recherche et "
-"<emphasis>ipa_hbac_support_srchost</emphasis> a la valeur False, le filtre "
-"sera ignoré."
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les "
"mappages utilisateur SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche pour les "
"domaines approuvés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"Facultatif. Utiliser la chaîne donnée comme base de recherche objet de "
"domaine maître."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6918,7 +7118,7 @@ msgstr ""
"original."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -6927,7 +7127,7 @@ msgstr ""
"valeur de <quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -6936,7 +7136,7 @@ msgstr ""
"convertit en DN de base pour effectuer les opérations LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6947,12 +7147,74 @@ msgstr ""
"Cette fonctionnalité est disponible avec MIT Kerberos > = 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr "krb5_use_fast (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+"Active le flexible authentication secure tunneling (FAST) pour la pré-"
+"authentification Kerberos. Les options suivantes sont supportées :"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:405
+#, fuzzy
+#| msgid "<emphasis>h</emphasis> for hours"
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr "<emphasis>h</emphasis> pour heures"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+#, fuzzy
+#| msgid ""
+#| "<emphasis>try</emphasis> to use FAST. If the server does not support "
+#| "FAST, continue the authentication without it."
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+"<emphasis>essayer</emphasis> d'utiliser FAST. Si le serveur ne prend pas en "
+"charge FAST, continuer l'authentification sans."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+"<emphasis>imposer</emphasis> d'utiliser FAST. L'authentification échoue si "
+"le serveur ne requiert pas FAST."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Par défaut : true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+"NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos "
+"version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de "
+"MIT Kerberos avec cette option est une erreur de configuration."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:405
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6963,17 +7225,17 @@ msgstr ""
"beaucoup de requêtes de contrôle d'accès sur une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr "Par défaut : 5 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6984,12 +7246,12 @@ msgstr ""
"requêtes de connexions utilisateurs sur une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -7003,7 +7265,7 @@ msgstr ""
"charge les deux modes opératoires pendant cette période de transition :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -7012,7 +7274,7 @@ msgstr ""
"utilisateur ne pourra se connecter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -7021,39 +7283,17 @@ msgstr ""
"Attention avec cette option, elle peut ouvrir des accès imprévus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr "Par défaut : DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr "ipa_hbac_support_srchost (booléen)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr "Si false, srchost tel qu'il figure à SSSD par PAM sera ignoré."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-"Noter que si la valeur <emphasis>False</emphasis>, cette option implique que "
-"les filtres donnés en <emphasis>ipa_host_search_base</emphasis> seront "
-"ignorés ;"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
#, fuzzy
#| msgid "This options should only be set by the IPA installer."
msgid "This option should only be set by the IPA installer."
@@ -7061,7 +7301,7 @@ msgstr ""
"Cette option ne doit être utilisée que par le programme d'installation IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
@@ -7071,295 +7311,27 @@ msgstr ""
"domaines approuvés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr "L'emplacement à automonter qu'utilisera ce client IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr "Par défaut : Le lieu nommé « default »"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr "ipa_netgroup_member_of (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr "L'attribut LDAP qui répertorie les appartenances aux netgroups."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr "ipa_netgroup_member_user (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-"L'attribut LDAP qui répertorie les utilisateurs et les groupes qui sont "
-"membres directs du netgroup."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr "Par défaut : memberUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr "ipa_netgroup_member_host (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-"L'attribut LDAP qui répertorie les systèmes et les groupes de systèmes qui "
-"sont membres directs du netgroup."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr "Par défaut : memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr "ipa_netgroup_member_ext_host (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-"L'attribut LDAP qui répertorie les noms de domaines complets des systèmes et "
-"des groupes de systèmes qui appartiennent au groupe réseau."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr "Par défaut : externalHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr "ipa_netgroup_domain (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr "L'attribut LDAP qui contient le nom de domaine NIS du netgroup."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr "Par défaut : nisDomainName"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr "ipa_host_object_class (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr "La classe de l'objet d'une entrée d'hôte dans l'annuaire LDAP."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr "Par défaut : ipaHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr "ipa_host_fqdn (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr "L'attribut LDAP qui contient le nom de domaine complet du système."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr "Par défaut : nom de domaine complet"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ipa_selinux_usermap_object_class (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr "ipa_selinux_usermap_name (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "L'attribut LDAP qui contient le nom de SELinux usermap."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_selinux_usermap_member_user (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-"L'attribut LDAP qui contient tous les utilisateurs / groupes correspondant à "
-"cette règle."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_selinux_usermap_member_host (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-"L'attribut LDAP qui contient tous les hôtes / hostgroups correspondant à "
-"cette règle."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_selinux_usermap_see_also (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-"L'attribut LDAP qui contient le DN de la règle de HBAC qui peut être utilisé "
-"pour la correspondance au lieu de memberUser et memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr "Par défaut : seeAlso"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_selinux_usermap_selinux_user (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "L'attribut LDAP qui contient la chaîne utilisateur SELinux."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr "Par défaut : ipaSELinuxUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ipa_selinux_usermap_enabled (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-"L'attribut LDAP qui contient le fait que la carte utilisateur est activée "
-"pour utilisation ou non."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr "Par défaut : ipaEnabledFlag"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ipa_selinux_usermap_user_category (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-"L'attribut LDAP qui contient la catégorie utilisateur tels que « all »."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr "Par défaut : userCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_selinux_usermap_host_category (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "L'attribut LDAP qui contient la catégorie hôte tels que « all »."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr "Par défaut : hostCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ipa_selinux_usermap_uuid (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr "Par défaut : ipaUniqueID"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_host_ssh_public_key (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'hôte."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr "Par défaut : ipaSshPubKey"
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr "FOURNISSEURS DE SOUS-DOMAINES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7368,7 +7340,7 @@ msgstr ""
"configuré explicitement ou implicitement."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7380,7 +7352,7 @@ msgstr ""
"serveur IPA si nécessaire."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7400,7 +7372,7 @@ msgstr ""
"fournisseur de sous-domaines est à nouveau activé."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7411,7 +7383,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7429,6 +7401,13 @@ msgstr ""
msgid "sssd-ad"
msgstr "sssd-ad"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+#, fuzzy
+#| msgid "Disable Active Directory range retrieval."
+msgid "SSSD Active Directory provider"
+msgstr "Désactiver la récupération de plage Active Directory."
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -7491,9 +7470,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:62
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access and chpass provider. No "
+#| "configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
"Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le "
@@ -7513,14 +7497,25 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:68
+#, fuzzy
+#| msgid ""
+#| "By default, the AD provider will map UID and GID values from the "
+#| "objectSID parameter in Active Directory. For details on this, see the "
+#| "<quote>ID MAPPING</quote> section below. If you want to disable ID "
+#| "mapping and instead rely on POSIX attributes defined in Active Directory, "
+#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> Users, "
+#| "groups and other entities served by SSSD are always treated as case-"
+#| "insensitive in the AD provider for compatibility with Active Directory's "
+#| "LDAP implementation."
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
msgstr ""
"Dans son comportement par défaut, le fournisseur AD associera les valeurs "
"UID et GID à partir du paramètre objectSID dans Active Directory. Pour plus "
@@ -7533,13 +7528,21 @@ msgstr ""
"AD de manière à rester compatible avec la mise en œuvre de LDAP dans Active "
"Directory."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr "ad_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -7548,7 +7551,7 @@ msgstr ""
"n'est pas fourni, le nom de domaine de la configuration est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -7557,7 +7560,7 @@ msgstr ""
"domaine Active Directory, spécifié en minuscules."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -7566,12 +7569,12 @@ msgstr ""
"autodétecté par SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -7587,12 +7590,12 @@ msgstr ""
"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr "ad_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7603,7 +7606,7 @@ msgstr ""
"identifier ce système."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -7613,12 +7616,12 @@ msgstr ""
"publié un fichier keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7635,8 +7638,173 @@ msgstr ""
"configuration SRV du DNS, incluant la découverte de domaine, est aussi "
"utilisée pendant la découverte de site."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "ad_access_filter (string)"
+msgstr "ldap_access_filter (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: Not set"
+msgstr "Par défaut : non défini"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_enable_dns_sites (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "ad_enable_dns_sites (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "ldap_access_order (chaîne)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: ipService"
+msgid "Default: permissive"
+msgstr "Par défaut : ipService"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7654,22 +7822,22 @@ msgstr ""
"<quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr "Par défaut : 3600 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -7679,7 +7847,7 @@ msgstr ""
"principals d'entreprise."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7690,7 +7858,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7714,7 +7882,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7726,7 +7894,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7737,7 +7905,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -7824,13 +7992,34 @@ msgstr ""
"disponibles dans <citerefentry><refentrytitle>sudoers.ldap</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry>."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr "Configuration de SSSD pour aller chercher les règles de sudo"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
@@ -7839,7 +8028,7 @@ msgstr ""
"sudo à partir d'un serveur LDAP."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -7865,23 +8054,28 @@ msgstr ""
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
+#, fuzzy
+#| msgid ""
+#| "When the SSSD is configured to use the IPA provider, the sudo provider is "
+#| "automatically enabled. The sudo search base is configured to use the "
+#| "compat tree (ou=sudoers,$DC)."
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
"Lorsque SSSD est configuré pour utiliser le fournisseur IPA, le fournisseur "
"sudo est ajouté automatiquement. La base de recherche de sudo est alors "
"configurée pour utiliser la branche de compatibilité (ou=sudoers,$DC)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr "Le mécanisme de mise en cache de règles SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -7899,7 +8093,7 @@ msgstr ""
"intelligent et rafraîchissement des règles."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -7913,7 +8107,7 @@ msgstr ""
"gros de trafic réseau."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -7931,7 +8125,7 @@ msgstr ""
"des règles sudo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -7950,7 +8144,7 @@ msgstr ""
"(s'appliquant à d'autres utilisateurs) peuvent avoir été supprimées."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -7961,38 +8155,38 @@ msgstr ""
"des valeurs suivantes dans l'attribut de <emphasis>sudoHost</emphasis> :"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr "mot-clé ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr "joker"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr "netgroup (sous la forme « +netgroup »)"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
"nom de système ou le nom de domaine pleinement qualifié de cette machine"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr "une des adresses IP de cette machine"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr "une des adresses IP du réseau (sous la forme « adresse/masque »)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -8221,6 +8415,20 @@ msgstr ""
"Précise à SSSD de passer en mode hors-ligne immédiatement. C'est surtout "
"utile pour faire des tests."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+#| "debug messages will be sent to stderr."
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur "
+"quelconque, des messages de débogage seront envoyés sur la sortie standard "
+"d'erreur."
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -8548,6 +8756,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr "sssd-krb5"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -8688,114 +8901,104 @@ msgstr "krb5_ccachedir (chaîne)"
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
-msgstr ""
-"Répertoire pour stocker les caches crédits. Toutes les séquences de "
-"substitution de krb5_ccname_template peuvent être utilisée ici, hormis %d et "
-"%P. Si le dossier n'existe pas, il sera créé. Si %u, %U, %p ou %h sont "
-"utilisés, un répertoire privé appartenant à l'utilisateur est créé. Sinon un "
-"répertoire public avec un drapeau de restriction à la suppression (aussi "
-"appelé « sticky bit », cf. <citerefentry> <refentrytitle>chmod</"
-"refentrytitle> <manvolnum>1</manvolnum> </citerefentry> pour plus de "
-"détails) est créé."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "Par défaut : /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (chaîne)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "identifiant de connexion"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr "UID de l'utilisateur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr "nom du principal"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr "nom de domaine"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr "%h"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr "répertoire personnel"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+#, fuzzy
+#| msgid "value of krb5ccache_dir"
+msgid "value of krb5_ccachedir"
msgstr "valeur de krb5ccache_dir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr "%P"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr "l'ID de processus du client SSSD"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr "un « % » littéral"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
#, fuzzy
#| msgid ""
#| "Location of the user's credential cache. Two credential cache types are "
@@ -8825,7 +9028,7 @@ msgstr ""
"unique en toute sécurité."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -8834,7 +9037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -8844,19 +9047,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "Par défaut : 0 (pas de limite)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -8867,7 +9070,7 @@ msgstr ""
"d'authentification sera effectuée hors-ligne si cela est possible."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -8886,12 +9089,12 @@ msgstr ""
"keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
@@ -8900,17 +9103,17 @@ msgstr ""
"d'identification obtenues à partir de KDC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "Par défaut : /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
@@ -8920,7 +9123,7 @@ msgstr ""
"disponible en ligne."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -8932,12 +9135,12 @@ msgstr ""
"accessibles à l'utilisateur root (avec difficulté)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
@@ -8946,32 +9149,32 @@ msgstr ""
"entier immédiatement suivi par une unité de temps :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr "<emphasis>s</emphasis> pour secondes"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr "<emphasis>m</emphasis> pour minutes"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr "<emphasis>h</emphasis> pour heures"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr "<emphasis>d</emphasis> pour jours."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
@@ -8981,18 +9184,18 @@ msgstr ""
"de « 1h30m »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
"Par défaut : non défini, c'est-à-dire que le TGT n'est pas renouvelable"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
@@ -9001,12 +9204,12 @@ msgstr ""
"suivi par une unité de temps :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr "Si aucune unité n'est spécifiée, <emphasis>s</emphasis> est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
@@ -9015,7 +9218,7 @@ msgstr ""
"de vie de une heure et trente minutes, utiliser « 90m » au lieu de « 1h30m »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
@@ -9023,12 +9226,12 @@ msgstr ""
"dans le KDC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr "krb5_renew_interval (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -9040,28 +9243,14 @@ msgstr ""
"de temps :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
"Si cette option n'est pas définie ou définie à 0, le renouvellement "
"automatique est désactivé."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr "krb5_use_fast (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-"Active le flexible authentication secure tunneling (FAST) pour la pré-"
-"authentification Kerberos. Les options suivantes sont supportées :"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
@@ -9070,7 +9259,7 @@ msgstr ""
"cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
@@ -9079,47 +9268,27 @@ msgstr ""
"charge FAST, continuer l'authentification sans."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-"<emphasis>imposer</emphasis> d'utiliser FAST. L'authentification échoue si "
-"le serveur ne requiert pas FAST."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr "Par défaut : non défini, i.e. FAST n'est pas utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr "NOTE : un fichier keytab est requis pour utiliser FAST."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-"NOTE : SSSD prend en charge le paramètre FAST uniquement avec MIT Kerberos "
-"version 1.8 et au-delà. L'utilisation de SSSD avec une version antérieure de "
-"MIT Kerberos avec cette option est une erreur de configuration."
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
@@ -9129,8 +9298,10 @@ msgstr ""
"et versions suivantes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+#, fuzzy
+#| msgid "Default: false (AD provide: true)"
+msgid "Default: false (AD provider: true)"
msgstr "Par défaut : false (AD provide: true)"
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9150,7 +9321,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -9163,7 +9334,7 @@ msgstr ""
"et n'inclut aucun fournisseur d'identité."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -9846,6 +10017,238 @@ msgstr ""
"octets sur les systèmes sans valeur globale définie de PASS_MAX)."
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"Cette page de manuel décrit la configuration du fournisseur IPA pour "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Pour une référence détaillée sur la syntaxe, veuillez "
+"regarder la section <quote>FORMAT DE FICHIER</quote> de la page de manuel "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+"Les options suivantes peuvent être utilisées pour configurer le répondeur "
+"PAC."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+"Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs "
+"qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs "
+"seront résolus en UID au démarrage."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+"Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
+"PAC)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "Please note that although the UID 0 is used as the default it will be "
+#| "overwritten with this option. If you still want to allow the root user to "
+#| "access the PAC responder, which would be the typical case, you have to "
+#| "add 0 to the list of allowed UIDs as well."
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+"Noter que bien que l'UID 0 est utilisé par défaut, il sera remplacé par "
+"cette option. Si vous voulez continuer à permettre à l'utilisateur root à "
+"accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter "
+"0 à la liste des UID d'utilisateurs autorisés."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_authorized_host (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+#, fuzzy
+#| msgid "username"
+msgid "name"
+msgstr "username"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "identifiant de connexion"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "uidNumber"
+msgstr "par défaut : uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+#, fuzzy
+#| msgid "user name"
+msgid "user ID"
+msgstr "nom d'utilisateur"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+#, fuzzy
+#| msgid "Default: gidNumber"
+msgid "gidNumber"
+msgstr "Par défaut : gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "home directory"
+msgid "homeDirectory"
+msgstr "répertoire personnel"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "Par défaut : loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+#, fuzzy
+#| msgid "user name"
+msgid "user shell"
+msgstr "nom d'utilisateur"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Toutes les options de configuration communes appliquées aux domaines SSSD "
+"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE "
+"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de "
+"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+#, fuzzy
+#| msgid ""
+#| "Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+"Par défaut : non défini, c'est-à-dire la durée de vie par défaut configurée "
+"dans le KDC."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr "sss_ssh_authorizedkeys"
@@ -10089,7 +10492,7 @@ msgstr ""
"les serveurs secondaires."
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "Configuration"
@@ -10294,13 +10697,55 @@ msgstr ""
"manuellement. Si vous avez besoin d'utiliser des valeurs attribuées "
"manuellement, TOUTES les valeurs doivent être assignées manuellement."
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr "Algorithme de correspondance"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -10313,7 +10758,7 @@ msgstr ""
"relatif (RID) de l'objet utilisateur ou groupe."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -10325,7 +10770,7 @@ msgstr ""
"Active Directory."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -10339,7 +10784,7 @@ msgstr ""
"suivant est utilisé :"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -10351,7 +10796,7 @@ msgstr ""
"prendre la tranche."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -10373,7 +10818,7 @@ msgstr ""
"d'informations, voir <quote>Configuration</quote>."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
@@ -10381,7 +10826,7 @@ msgstr ""
"quote>) :"
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -10391,7 +10836,7 @@ msgstr ""
"ldap_schema = ad\n"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -10402,17 +10847,17 @@ msgstr ""
"2 000 100 000. Cela devrait être suffisant pour la plupart des déploiements."
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr "Configuration avancée"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr "ldap_idmap_range_min (integer)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10421,7 +10866,7 @@ msgstr ""
"en correspondance d'identifiants utilisateurs et groupes Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -10437,17 +10882,17 @@ msgstr ""
"<quote>ldap_idmap_range_min</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr "Par défaut : 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr "ldap_idmap_range_max (integer)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10456,7 +10901,7 @@ msgstr ""
"en correspondance d'identifiants utilisateurs et groupes Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -10472,17 +10917,17 @@ msgstr ""
"<quote>ldap_idmap_range_max</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr "Par défaut : 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr "ldap_idmap_range_size (integer)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
@@ -10492,13 +10937,37 @@ msgstr ""
"plage ne divise pas uniformément dans les valeurs minimale et maximale, des "
"tranches complètes seront créées autant que possible."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (chaîne)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10509,22 +10978,22 @@ msgstr ""
"passer par l'algorithme murmurhash décrit ci-dessus."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (chaîne)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr "Spécifier le nom de domaine par défaut."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (boolean)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -10534,7 +11003,7 @@ msgstr ""
"quote> de winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -10544,7 +11013,7 @@ msgstr ""
"domaine supplémentaire."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10559,6 +11028,77 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> pour garantir qu'au moins un "
"domaine est systématiquement alloué à la tranche zéro."
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -10577,105 +11117,148 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
-"Un masque de bits qui indique quels niveaux de débogage seront visibles. 0 x "
-"0010 est la valeur par défaut ainsi que la plus basse autorisée, 0xFFF0 est "
-"le mode le plus détaillé. Ce paramètre prend le pas sur les paramètres du "
-"fichier de configuration."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr "Niveaux de débogage actuellement pris en charge :"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+#| "SSSD from starting up or causes it to cease running."
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
"<emphasis>0x0010</emphasis> : défaillances fatales. Tout ce qui empêcherait "
"SSSD de démarrer ou provoquerait son arrêt."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't "
+#| "kill the SSSD, but one that indicates that at least one major feature is "
+#| "not going to work properly."
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
"<emphasis>0x0020</emphasis> : échecs critiques. Une erreur qui ne tue pas "
"SSSD, mais qui indique qu'au moins une caractéristique majeure ne pourra pas "
"fonctionner correctement."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+#| "particular request or operation has failed."
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
"<emphasis>0x0040</emphasis> : défaillances graves. Une erreur qui annonce "
"qu'une requête particulière ou une opération a échoué."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that "
+#| "would percolate down to cause the operation failure of 2."
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
"<emphasis>0x0080</emphasis> : erreurs mineures. Ce sont les erreurs qui "
"seraient susceptibles d'empirer pour provoquer l'erreur en 2."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+#, fuzzy
+#| msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr "<emphasis>0x0100</emphasis> : paramètres de configuration."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+#, fuzzy
+#| msgid "<emphasis>0x0200</emphasis>: Function data."
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr "<emphasis>0x0200</emphasis> : données de fonctionnement."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+#, fuzzy
+#| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr "<emphasis>0x0400</emphasis> : traçage des fonctions opérationnelles."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x1000</emphasis>: Trace messages for internal control "
+#| "functions."
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
"<emphasis>0x1000</emphasis> : traçage des fonctions de contrôles internes."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+#| "may be interesting."
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
"<emphasis>0x2000</emphasis> : contenu des variables internes de fonctions "
"pouvent être intéressantes."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr "<emphasis>0x4000</emphasis> : informations de traçage de bas niveau."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
+#, fuzzy
+#| msgid ""
+#| "To log required debug levels, simply add their numbers together as shown "
+#| "in following examples:"
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
"Pour activer les niveaux de débogage requis, il suffit de faire la somme de "
"l'ensemble des numéros tel qu'illustré dans les exemples suivants :"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
@@ -10684,7 +11267,7 @@ msgstr ""
"graves et les données de fonction, utiliser 0x0270."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
@@ -10694,15 +11277,26 @@ msgstr ""
"pour les fonctions de contrôle interne, utiliser 0x1310."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
+#, fuzzy
+#| msgid ""
+#| "<emphasis>Note</emphasis>: This is new format of debug levels introduced "
+#| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
msgstr ""
"<emphasis>Note</emphasis> : il s'agit d'un nouveau format des niveaux de "
"débogage introduit dans la version 1.7.0. L'ancien format (nombres de 0 à "
"10) est compatible mais déconseillé et voué à disparaître."
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+#, fuzzy
+#| msgid "<emphasis>h</emphasis> for hours"
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr "<emphasis>h</emphasis> pour heures"
+
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
msgid ""
@@ -10753,6 +11347,45 @@ msgstr "VOIR AUSSI"
#. type: Content of: <refsect1><para>
#: include/seealso.xml:4
+#, fuzzy
+#| msgid ""
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
+#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
+#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>."
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -10788,6 +11421,8 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
@@ -10830,7 +11465,6 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -10840,32 +11474,33 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "syntaxe : <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
+#, fuzzy
+#| msgid ""
+#| "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
+#| "must be a valid LDAP search filter as specified by http://www.ietf.org/"
+#| "rfc/rfc2254.txt"
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
"La portée peut être « base », un « onelevel » ou « subtree ». Le filtre doit "
"être un filtre de recherche LDAP valide tel que spécifié par http://www.ietf."
"org/rfc/rfc2254.txt"
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
@@ -10874,8 +11509,7 @@ msgstr ""
"d'exemples <quote>ldap_search_base</quote>."
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -10965,5 +11599,288 @@ msgstr ""
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr "Par défaut : Indéfini (SSSD utilisera la valeur récupérée de LDAP)"
+#~ msgid ""
+#~ "Override the login shell for all users. This option can be specified "
+#~ "globally in the [nss] section or per-domain."
+#~ msgstr ""
+#~ "Substitue l'interpréteur de commandes pour tous les utilisateurs. Cette "
+#~ "option peut être spécifiée à l'échelle globale dans la section [nss] ou "
+#~ "par domaine."
+
+#~ msgid "ldap_user_search_filter (string)"
+#~ msgstr "ldap_user_search_filter (chaînes)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict user searches."
+#~ msgstr ""
+#~ "Cette option définit un filtre de recherche LDAP supplémentaire qui "
+#~ "restreint les recherches utilisateur."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_user_search_base."
+#~ msgstr ""
+#~ "Cette option est <emphasis>déconseillée</emphasis> en faveur de la "
+#~ "syntaxe utilisée par ldap_user_search_base."
+
+#~ msgid ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+#~ msgstr ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+
+#~ msgid ""
+#~ "This filter would restrict user searches to users that have their shell "
+#~ "set to /bin/tcsh."
+#~ msgstr ""
+#~ "Ce filtre restreindrait les recherches aux seuls utilisateurs qui ont "
+#~ "leur interpréteur de commande défini en /bin/tcsh."
+
+#~ msgid "ldap_group_search_filter (string)"
+#~ msgstr "ldap_group_search_filter (chaînes)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict group searches."
+#~ msgstr ""
+#~ "Cette option définit un filtre de recherche LDAP supplémentaire qui "
+#~ "restreint les recherches de groupe."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_group_search_base."
+#~ msgstr ""
+#~ "Cette option est <emphasis>déconseillée</emphasis> en faveur de la "
+#~ "syntaxe utilisée par ldap_group_search_base."
+
+#~ msgid ""
+#~ "If filter is given in any of search bases and "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
+#~ "will be ignored."
+#~ msgstr ""
+#~ "Si le filtre est donné dans l'une des bases de recherche et "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> a la valeur False, le "
+#~ "filtre sera ignoré."
+
+#~ msgid "ipa_hbac_support_srchost (boolean)"
+#~ msgstr "ipa_hbac_support_srchost (booléen)"
+
+#~ msgid ""
+#~ "If this is set to false, then srchost as given to SSSD by PAM will be "
+#~ "ignored."
+#~ msgstr "Si false, srchost tel qu'il figure à SSSD par PAM sera ignoré."
+
+#~ msgid ""
+#~ "Note that if set to <emphasis>False</emphasis>, this option casuses "
+#~ "filters given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
+#~ msgstr ""
+#~ "Noter que si la valeur <emphasis>False</emphasis>, cette option implique "
+#~ "que les filtres donnés en <emphasis>ipa_host_search_base</emphasis> "
+#~ "seront ignorés ;"
+
+#~ msgid "ipa_netgroup_member_of (string)"
+#~ msgstr "ipa_netgroup_member_of (chaîne)"
+
+#~ msgid "The LDAP attribute that lists netgroup's memberships."
+#~ msgstr "L'attribut LDAP qui répertorie les appartenances aux netgroups."
+
+#~ msgid "ipa_netgroup_member_user (string)"
+#~ msgstr "ipa_netgroup_member_user (chaîne)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists system users and groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "L'attribut LDAP qui répertorie les utilisateurs et les groupes qui sont "
+#~ "membres directs du netgroup."
+
+#~ msgid "Default: memberUser"
+#~ msgstr "Par défaut : memberUser"
+
+#~ msgid "ipa_netgroup_member_host (string)"
+#~ msgstr "ipa_netgroup_member_host (chaîne)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists hosts and host groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "L'attribut LDAP qui répertorie les systèmes et les groupes de systèmes "
+#~ "qui sont membres directs du netgroup."
+
+#~ msgid "Default: memberHost"
+#~ msgstr "Par défaut : memberHost"
+
+#~ msgid "ipa_netgroup_member_ext_host (string)"
+#~ msgstr "ipa_netgroup_member_ext_host (chaîne)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "L'attribut LDAP qui répertorie les noms de domaines complets des systèmes "
+#~ "et des groupes de systèmes qui appartiennent au groupe réseau."
+
+#~ msgid "Default: externalHost"
+#~ msgstr "Par défaut : externalHost"
+
+#~ msgid "ipa_netgroup_domain (string)"
+#~ msgstr "ipa_netgroup_domain (chaîne)"
+
+#~ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+#~ msgstr "L'attribut LDAP qui contient le nom de domaine NIS du netgroup."
+
+#~ msgid "Default: nisDomainName"
+#~ msgstr "Par défaut : nisDomainName"
+
+#~ msgid "ipa_host_object_class (string)"
+#~ msgstr "ipa_host_object_class (chaîne)"
+
+#~ msgid "The object class of a host entry in LDAP."
+#~ msgstr "La classe de l'objet d'une entrée d'hôte dans l'annuaire LDAP."
+
+#~ msgid "Default: ipaHost"
+#~ msgstr "Par défaut : ipaHost"
+
+#~ msgid "ipa_host_fqdn (string)"
+#~ msgstr "ipa_host_fqdn (chaîne)"
+
+#~ msgid "The LDAP attribute that contains FQDN of the host."
+#~ msgstr "L'attribut LDAP qui contient le nom de domaine complet du système."
+
+#~ msgid "Default: fqdn"
+#~ msgstr "Par défaut : nom de domaine complet"
+
+#~ msgid "ipa_selinux_usermap_object_class (string)"
+#~ msgstr "ipa_selinux_usermap_object_class (string)"
+
+#~ msgid "ipa_selinux_usermap_name (string)"
+#~ msgstr "ipa_selinux_usermap_name (string)"
+
+#~ msgid "The LDAP attribute that contains the name of SELinux usermap."
+#~ msgstr "L'attribut LDAP qui contient le nom de SELinux usermap."
+
+#~ msgid "ipa_selinux_usermap_member_user (string)"
+#~ msgstr "ipa_selinux_usermap_member_user (string)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all users / groups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "L'attribut LDAP qui contient tous les utilisateurs / groupes "
+#~ "correspondant à cette règle."
+
+#~ msgid "ipa_selinux_usermap_member_host (string)"
+#~ msgstr "ipa_selinux_usermap_member_host (string)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "L'attribut LDAP qui contient tous les hôtes / hostgroups correspondant à "
+#~ "cette règle."
+
+#~ msgid "ipa_selinux_usermap_see_also (string)"
+#~ msgstr "ipa_selinux_usermap_see_also (string)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+#~ "matching instead of memberUser and memberHost"
+#~ msgstr ""
+#~ "L'attribut LDAP qui contient le DN de la règle de HBAC qui peut être "
+#~ "utilisé pour la correspondance au lieu de memberUser et memberHost"
+
+#~ msgid "Default: seeAlso"
+#~ msgstr "Par défaut : seeAlso"
+
+#~ msgid "ipa_selinux_usermap_selinux_user (string)"
+#~ msgstr "ipa_selinux_usermap_selinux_user (string)"
+
+#~ msgid "The LDAP attribute that contains SELinux user string itself."
+#~ msgstr "L'attribut LDAP qui contient la chaîne utilisateur SELinux."
+
+#~ msgid "Default: ipaSELinuxUser"
+#~ msgstr "Par défaut : ipaSELinuxUser"
+
+#~ msgid "ipa_selinux_usermap_enabled (string)"
+#~ msgstr "ipa_selinux_usermap_enabled (string)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains whether or not is user map enabled for "
+#~ "usage."
+#~ msgstr ""
+#~ "L'attribut LDAP qui contient le fait que la carte utilisateur est "
+#~ "activée pour utilisation ou non."
+
+#~ msgid "Default: ipaEnabledFlag"
+#~ msgstr "Par défaut : ipaEnabledFlag"
+
+#~ msgid "ipa_selinux_usermap_user_category (string)"
+#~ msgstr "ipa_selinux_usermap_user_category (string)"
+
+#~ msgid "The LDAP attribute that contains user category such as 'all'."
+#~ msgstr ""
+#~ "L'attribut LDAP qui contient la catégorie utilisateur tels que « all »."
+
+#~ msgid "Default: userCategory"
+#~ msgstr "Par défaut : userCategory"
+
+#~ msgid "ipa_selinux_usermap_host_category (string)"
+#~ msgstr "ipa_selinux_usermap_host_category (string)"
+
+#~ msgid "The LDAP attribute that contains host category such as 'all'."
+#~ msgstr "L'attribut LDAP qui contient la catégorie hôte tels que « all »."
+
+#~ msgid "Default: hostCategory"
+#~ msgstr "Par défaut : hostCategory"
+
+#~ msgid "ipa_selinux_usermap_uuid (string)"
+#~ msgstr "ipa_selinux_usermap_uuid (string)"
+
+#~ msgid "The LDAP attribute that contains unique ID of the user map."
+#~ msgstr ""
+#~ "L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur."
+
+#~ msgid "Default: ipaUniqueID"
+#~ msgstr "Par défaut : ipaUniqueID"
+
+#~ msgid "ipa_host_ssh_public_key (string)"
+#~ msgstr "ipa_host_ssh_public_key (string)"
+
+#~ msgid "The LDAP attribute that contains the host's SSH public keys."
+#~ msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'hôte."
+
+#~ msgid "Default: ipaSshPubKey"
+#~ msgstr "Par défaut : ipaSshPubKey"
+
+#~ msgid ""
+#~ "Directory to store credential caches. All the substitution sequences of "
+#~ "krb5_ccname_template can be used here, too, except %d and %P. If the "
+#~ "directory does not exist, it will be created. If %u, %U, %p or %h are "
+#~ "used, a private directory belonging to the user is created. Otherwise, a "
+#~ "public directory with restricted deletion flag (aka sticky bit, as "
+#~ "described in <citerefentry> <refentrytitle>chmod</refentrytitle> "
+#~ "<manvolnum>1</manvolnum> </citerefentry> for details) is created."
+#~ msgstr ""
+#~ "Répertoire pour stocker les caches crédits. Toutes les séquences de "
+#~ "substitution de krb5_ccname_template peuvent être utilisée ici, hormis %d "
+#~ "et %P. Si le dossier n'existe pas, il sera créé. Si %u, %U, %p ou %h sont "
+#~ "utilisés, un répertoire privé appartenant à l'utilisateur est créé. Sinon "
+#~ "un répertoire public avec un drapeau de restriction à la suppression "
+#~ "(aussi appelé « sticky bit », cf. <citerefentry> <refentrytitle>chmod</"
+#~ "refentrytitle> <manvolnum>1</manvolnum> </citerefentry> pour plus de "
+#~ "détails) est créé."
+
+#~ msgid ""
+#~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+#~ "default value as well as the lowest allowed value, 0xFFF0 is the most "
+#~ "verbose mode. This setting overrides the settings from config file."
+#~ msgstr ""
+#~ "Un masque de bits qui indique quels niveaux de débogage seront visibles. "
+#~ "0 x 0010 est la valeur par défaut ainsi que la plus basse autorisée, "
+#~ "0xFFF0 est le mode le plus détaillé. Ce paramètre prend le pas sur les "
+#~ "paramètres du fichier de configuration."
+
#~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgstr "Par défaut : FICHIER:%d/krb5cc_%U_XXXXXX"
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index 1b91d9632..d97ec4a51 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
@@ -27,7 +27,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "SSSD マニュアル ページ"
@@ -63,13 +63,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "概要"
@@ -84,7 +84,7 @@ msgstr ""
"するようグループを変更します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -138,18 +138,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "ファイル形式および変換"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "SSSD の設定ファイル"
@@ -221,26 +222,113 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "高度なオプション"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "デバッグメッセージに日時を追加します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "初期値: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr "デバッグメッセージの日時にマイクロ秒を追加します"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "初期値: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "初期値: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "特別セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "[sssd] セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "セクションのパラメーター"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -249,23 +337,29 @@ msgstr ""
"ジョン 2 を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr "sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
+#, fuzzy
+#| msgid ""
+#| "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+#| "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+#| "condition=\"with_ssh\">, ssh</phrase> <phrase condition="
+#| "\"with_pac_responder\">, pac</phrase>"
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
"サポートされるサービス: nss, pam <phrase condition=\"with_sudo\">, sudo</"
"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
@@ -273,12 +367,12 @@ msgstr ""
"\">, pac</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -287,17 +381,17 @@ msgstr ""
"める前に試行する回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "初期値: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -307,19 +401,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -327,12 +421,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -340,58 +434,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -404,7 +498,7 @@ msgstr ""
"フォールバックします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -415,7 +509,7 @@ msgstr ""
"です"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -424,7 +518,7 @@ msgstr ""
"トフォームにおいては偽です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -433,12 +527,12 @@ msgstr ""
"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -447,7 +541,7 @@ msgstr ""
"クトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -456,7 +550,7 @@ msgstr ""
"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -465,12 +559,12 @@ msgstr ""
"ければ __LIBKRB5_DEFAULTS__ です)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -480,22 +574,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "初期値: 設定されません"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -511,12 +604,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "サービスセクション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -528,82 +621,22 @@ msgstr ""
"ば、NSS サービスは <quote>[nss]</quote> セクションです"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "サービス設定の全体オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (整数)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (論理値)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "デバッグメッセージに日時を追加します"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "初期値: true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr "debug_microseconds (論理値)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr "デバッグメッセージの日時にマイクロ秒を追加します"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "初期値: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (整数)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "初期値: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -613,17 +646,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -634,18 +667,19 @@ msgstr ""
"避けるために制限されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "初期値: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -654,13 +688,28 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "NSS 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -668,12 +717,12 @@ msgstr ""
"きます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -682,17 +731,17 @@ msgstr ""
"要求)。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "初期値: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -703,7 +752,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -718,7 +767,7 @@ msgstr ""
"とをブロックする必要がありません。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -731,17 +780,17 @@ msgstr ""
"(0 はこの機能を無効にします)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "初期値: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -752,17 +801,17 @@ msgstr ""
"せ)をキャッシュする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "初期値: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -775,17 +824,17 @@ msgstr ""
"飾名を含めることができます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "初期値: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -793,12 +842,12 @@ msgstr ""
"ションを偽に設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -807,7 +856,7 @@ msgstr ""
"ホームディレクトリーの標準テンプレートを設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -815,51 +864,59 @@ msgstr ""
"同じです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
-#, no-wrap
+#: sssd.conf.5.xml:531
+#, fuzzy, no-wrap
+#| msgid ""
+#| "override_homedir = /home/%u\n"
+#| " "
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
"override_homedir = /home/%u\n"
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr "override_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
+#, fuzzy
+#| msgid ""
+#| "Override the login shell for all users. This option can be specified "
+#| "globally in the [nss] section or per-domain."
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
"すべてのユーザーに対するログインシェルを上書きします。このオプションは [nss] "
"において全体的またはドメインごとに指定できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr "allowed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -867,13 +924,13 @@ msgstr ""
"す:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -882,7 +939,7 @@ msgstr ""
"ば、shell_fallback パラメーターの値を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -891,12 +948,12 @@ msgstr ""
"ば、nologin シェルが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr "シェルの空文字列は libc にそのまま渡されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -906,27 +963,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr "shell_fallback (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -934,66 +991,71 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "初期値: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
+#, fuzzy
+#| msgid ""
+#| "Override the login shell for all users. This option can be specified "
+#| "globally in the [nss] section or per-domain."
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
+"すべてのユーザーに対するログインシェルを上書きします。このオプションは [nss] "
+"において全体的またはドメインごとに指定できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "初期値: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr "PAM 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1002,12 +1064,12 @@ msgstr ""
"ために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1016,17 +1078,17 @@ msgstr ""
"ラインログインの最終成功からの日数)です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1034,12 +1096,12 @@ msgstr ""
"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1048,7 +1110,7 @@ msgstr ""
"渡される分単位の時間です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1059,17 +1121,17 @@ msgstr ""
"効にできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "初期値: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1078,42 +1140,42 @@ msgstr ""
"きいほどメッセージが表示されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "現在 sssd は以下の値をサポートします:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "初期値: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1123,7 +1185,7 @@ msgstr ""
"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1136,17 +1198,17 @@ msgstr ""
"アプリケーションごとに)制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1156,41 +1218,41 @@ msgstr ""
"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "初期値: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr "SUDO 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr "これらのオプションは sudo サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr "sudo_timed (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1199,22 +1261,22 @@ msgstr ""
"を評価するかしないかです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr "Autofs 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1225,51 +1287,51 @@ msgstr ""
"ヒットする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr "SSH 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr "初期値: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1281,7 +1343,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1292,24 +1354,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1317,12 +1379,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1331,17 +1393,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "ドメインセクション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1350,7 +1412,7 @@ msgstr ""
"トリーを含む場合、それは無視されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1362,24 +1424,24 @@ msgstr ""
"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1388,23 +1450,23 @@ msgstr ""
"必要があります:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = ユーザーとグループが列挙されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = このドメインに対して列挙しません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "初期値: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1416,7 +1478,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1425,7 +1487,7 @@ msgstr ""
"れが完了するまで結果を返しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1438,41 +1500,41 @@ msgstr ""
"てください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "ipa_subdomains_search_base (string)"
msgid "subdomain_enumerate (string)"
msgstr "ipa_subdomains_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1481,17 +1543,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "初期値: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1500,17 +1562,28 @@ msgstr ""
"数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "初期値: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1519,18 +1592,18 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr "初期値: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1539,12 +1612,12 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1553,12 +1626,12 @@ msgstr ""
"有効であると考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1567,76 +1640,76 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
"を決めます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1648,17 +1721,17 @@ msgstr ""
"offline_credentials_expiration と同等以上でなければいけません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1667,17 +1740,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -1685,17 +1758,17 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1706,8 +1779,8 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1720,8 +1793,8 @@ msgstr ""
"い。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1732,12 +1805,12 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -1746,7 +1819,7 @@ msgstr ""
"名形式により整形されたように) を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1759,7 +1832,7 @@ msgstr ""
"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1767,17 +1840,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1785,12 +1858,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1799,7 +1872,7 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1810,7 +1883,7 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1821,19 +1894,19 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> は明示的に認証を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1842,12 +1915,12 @@ msgstr ""
"ならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1858,7 +1931,7 @@ msgstr ""
"えます)。内部の特別プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -1867,12 +1940,12 @@ msgstr ""
"ロバイダーのみアクセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1885,17 +1958,17 @@ msgstr ""
"citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "初期値: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr "chpass_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1904,7 +1977,7 @@ msgstr ""
"パスワード変更プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1915,7 +1988,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1926,7 +1999,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -1934,12 +2007,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1948,19 +2021,19 @@ msgstr ""
"うことができるならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr "sudo_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
"は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1971,24 +2044,38 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1996,7 +2083,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2004,31 +2091,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2036,17 +2123,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr "autofs_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2054,7 +2141,7 @@ msgstr ""
"プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2065,7 +2152,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2076,17 +2163,17 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr "hostid_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2095,7 +2182,7 @@ msgstr ""
"hostid プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2103,12 +2190,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2118,7 +2205,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2127,29 +2214,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr "username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr "domain\\username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2160,7 +2247,7 @@ msgstr ""
"everything after that\" に解釈されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2168,7 +2255,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2177,17 +2264,17 @@ msgstr ""
"Python 構文 (?P&lt;name&gt;) のみをサポートします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "初期値: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2196,46 +2283,46 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "サポートする値:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "初期値: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2246,18 +2333,18 @@ msgstr ""
"ドにて操作を継続します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "初期値: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2266,27 +2353,27 @@ msgstr ""
"イン部分を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr "override_gid (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr "プライマリー GID の値を指定されたもので上書きします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -2295,17 +2382,17 @@ msgstr ""
"このオプションはローカルプロバイダーにおいてサポートされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr "初期値: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr "proxy_fast_alias (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2314,55 +2401,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "初期値: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2373,17 +2460,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr "中継するプロキシターゲット PAM です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2392,12 +2479,12 @@ msgstr ""
"をここに追加する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2408,7 +2495,7 @@ msgstr ""
"_nss_files_getpwent です。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2417,12 +2504,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "ローカルドメインのセクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2433,27 +2520,27 @@ msgstr ""
"メインに対する設定を含みます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "初期値: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2462,17 +2549,17 @@ msgstr ""
"ホームディレクトリーとして使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "初期値: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2481,17 +2568,17 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "初期値: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2500,12 +2587,12 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2516,17 +2603,17 @@ msgstr ""
"manvolnum> </citerefentry> により使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "初期値: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2539,17 +2626,17 @@ msgstr ""
"を含む、スケルトンディレクトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "初期値: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2560,17 +2647,17 @@ msgstr ""
"が使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "初期値: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2581,18 +2668,18 @@ msgstr ""
"せん。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "初期値: なし、コマンドを実行しません"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "例"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2646,7 +2733,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2662,6 +2749,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2702,8 +2794,8 @@ msgstr ""
"オプションを参照してください。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "設定オプション"
@@ -2799,8 +2891,8 @@ msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
@@ -2809,7 +2901,7 @@ msgstr ""
"な LDAP 検索フィルターである必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "例:"
@@ -3015,7 +3107,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr "初期値: gidNumber"
@@ -3075,7 +3167,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "初期値: nsUniqueId"
@@ -3094,7 +3186,7 @@ msgstr ""
"ActiveDirectory サーバーに対してのみ必要です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
"初期値: ActiveDirectory の objectSid です、他のサーバーに対して設定sれませ"
@@ -3106,14 +3198,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "初期値: modifyTimestamp"
@@ -3422,21 +3514,77 @@ msgstr "初期値: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3448,12 +3596,12 @@ msgstr ""
"場合、このオプションを 0 以外に設定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -3461,12 +3609,12 @@ msgstr ""
"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3477,54 +3625,53 @@ msgstr ""
"削除する間隔を決めます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr "キャッシュ削除操作を無効にする 0 をこのオプションを設定する方法です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "初期値: 10800 (12 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "ユーザーの完全名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "初期値: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr "初期値: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3535,7 +3682,7 @@ msgstr ""
"authorizedService 属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3544,7 +3691,7 @@ msgstr ""
"索します。最後にすべて許可 (*) を検索します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3552,17 +3699,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr "初期値: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3573,7 +3720,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3582,7 +3729,7 @@ msgstr ""
"索します。最後にすべて許可 (*) が検索されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3590,77 +3737,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr "初期値: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "初期値: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr "グループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "グループの ID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "グループのメンバーの名前を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr "ldap_group_objectsid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
@@ -3669,17 +3816,46 @@ msgstr ""
"ActiveDirectory サーバーに対してのみ必要です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+#, fuzzy
+#| msgid "The LDAP attribute that contains the names of the group's members."
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr "グループのメンバーの名前を含む LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3690,17 +3866,17 @@ msgstr ""
"のオプションは RFC2307 スキーマにおいて効果がありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "初期値: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3708,14 +3884,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3723,7 +3899,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3732,18 +3908,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr "初期値: 偽"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3751,69 +3927,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr "初期値: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "ネットワークグループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr "初期値: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -3821,107 +3997,107 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "初期値: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"LDAP ネットワークグループオブジェクトの UUID/GUID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_uuid が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr "初期値: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr "初期値: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr "初期値: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3929,7 +4105,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3940,12 +4116,12 @@ msgstr ""
"かもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3953,12 +4129,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3974,12 +4150,12 @@ msgstr ""
"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3989,12 +4165,12 @@ msgstr ""
"を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4003,17 +4179,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr "初期値: 900 (15 分)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4022,17 +4198,17 @@ msgstr ""
"バーは 1 要求あたりの最大数の制限を強制します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr "初期値: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4043,7 +4219,7 @@ msgstr ""
"ことを報告する場合に、このオプションが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4053,7 +4229,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4064,17 +4240,17 @@ msgstr ""
"があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4084,12 +4260,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4097,17 +4273,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4115,13 +4291,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4130,7 +4306,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4138,12 +4314,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4152,7 +4328,7 @@ msgstr ""
"クするものを指定します。以下の値のうち 1 つを指定できます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4161,7 +4337,7 @@ msgstr ""
"確認しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4172,7 +4348,7 @@ msgstr ""
"無視され、セッションが通常通り進められます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4183,7 +4359,7 @@ msgstr ""
"ンが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4193,22 +4369,22 @@ msgstr ""
"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "初期値: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4218,7 +4394,7 @@ msgstr ""
"書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4227,12 +4403,12 @@ msgstr ""
"filename> にあります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4245,32 +4421,32 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr "クライアントのキーを含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4281,12 +4457,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4295,12 +4471,12 @@ msgstr ""
"用する必要がある id_provider 接続を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4308,18 +4484,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4330,17 +4506,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4349,12 +4525,12 @@ msgstr ""
"れます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4363,17 +4539,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr "初期値: host/hostname@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4381,17 +4557,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -4400,33 +4576,33 @@ msgstr ""
"するために逆引きを実行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "初期値: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4437,27 +4613,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "初期値: 86400 (24 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4469,7 +4645,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4480,7 +4656,7 @@ msgstr ""
"ば _tcp にフォールバックします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4491,27 +4667,27 @@ msgstr ""
"quote> を使用するよう設定ファイルを移行することが推奨されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -4520,12 +4696,12 @@ msgstr ""
"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4535,7 +4711,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4543,12 +4719,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -4557,7 +4733,7 @@ msgstr ""
"す。以下の値が許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -4566,7 +4742,7 @@ msgstr ""
"ンはサーバー側のパスワードポリシーを無効にできません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4577,7 +4753,7 @@ msgstr ""
"manvolnum></citerefentry> 形式の属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4587,18 +4763,25 @@ msgstr ""
"ために MIT Kerberos により使用される属性を使用します。パスワードが変更される"
"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "自動参照追跡が有効化されるかを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -4607,7 +4790,7 @@ msgstr ""
"sssd のみが参照追跡をサポートすることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4616,28 +4799,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "初期値: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -4646,49 +4829,54 @@ msgstr ""
"を検索するために使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "例:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
-#, no-wrap
+#: sssd-ldap.5.xml:1833
+#, fuzzy, no-wrap
+#| msgid ""
+#| "access_provider = ldap\n"
+#| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+#| " "
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
"access_provider = ldap\n"
@@ -4696,16 +4884,20 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
+#, fuzzy
+#| msgid ""
+#| "This example means that access to this host is restricted to members of "
+#| "the \"allowedusers\" group in ldap."
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
"この例は、このホストへのアクセスが LDAP にある \"allowedusers\" グループのメ"
"ンバーに制限されることを意味します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4718,17 +4910,17 @@ msgstr ""
"た同様です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr "初期値: 空白"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -4737,7 +4929,7 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4748,12 +4940,12 @@ msgstr ""
"否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "以下の値が許可されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4762,7 +4954,7 @@ msgstr ""
"ldap_user_shadow_expire の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4771,7 +4963,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4782,7 +4974,7 @@ msgstr ""
"ldap_ns_account_lock の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4795,7 +4987,7 @@ msgstr ""
"クセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4803,28 +4995,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4833,30 +5025,30 @@ msgstr ""
"authorizedService 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "初期値: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr "値が複数使用されていると設定エラーになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4865,12 +5057,12 @@ msgstr ""
"ションが許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4879,7 +5071,7 @@ msgstr ""
"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4888,7 +5080,7 @@ msgstr ""
"すときのみ参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4897,7 +5089,7 @@ msgstr ""
"きも位置を検索するときも参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4906,19 +5098,19 @@ msgstr ""
"して取り扱われます)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4929,7 +5121,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4952,57 +5144,57 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr "初期値: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "sudo ルール名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr "コマンド名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr "初期値: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5011,17 +5203,17 @@ msgstr ""
"クグループ)に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr "初期値: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5030,49 +5222,49 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr "初期値: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "sudo オプションに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr "初期値: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr "初期値: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5080,34 +5272,34 @@ msgstr ""
"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr "初期値: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr "初期値: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -5116,39 +5308,39 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr "初期値: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr "初期値: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5157,17 +5349,17 @@ msgstr ""
"ります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr "初期値: 21600 (6 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5175,31 +5367,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5208,15 +5400,15 @@ msgstr ""
"区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5225,17 +5417,17 @@ msgstr ""
"ならば、このオプションは効果を持ちません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr "初期値: 指定なし"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5244,7 +5436,7 @@ msgstr ""
"アドレスの空白区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5252,36 +5444,31 @@ msgstr ""
"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5293,59 +5480,80 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr "初期値は RFC2307 の標準スキーマに対応することに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_autofs_map_name (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_autofs_map_name (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+#, fuzzy
+#| msgid "The name of an automount map entry in LDAP."
+msgid "The name of the automount master map in LDAP."
+msgstr "LDAP における automount のマップエントリーの名前です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: sudoUser"
+msgid "Default: auto.master"
+msgstr "初期値: sudoUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr "LDAP における automount のマップエントリーの名前です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr "初期値: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -5354,22 +5562,28 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr "初期値: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
+#, fuzzy
+#| msgid ""
+#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+#| "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+#| "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+#| "\"variablelist\" id=\"4\"/>"
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5377,102 +5591,37 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "高度なオプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr "ldap_user_search_filter (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-"このオプションは、ユーザー検索を制限する、追加の LDAP 検索フィルター基準を指"
-"定します。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-"このオプションは ldap_user_search_base により使用される構文のほうを選んで"
-"<emphasis>廃止されます</emphasis>。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-"このフィルターは、ユーザー検索をシェルが /bin/tcsh に設定されているユーザーに"
-"制限されます。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr "ldap_group_search_filter (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-"このオプションは、グループ検索を制限する、追加の LDAP 検索フィルター基準を指"
-"定します。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-"このオプションは ldap_group_search_base により使用される構文のほうを選んで"
-"<emphasis>廃止されます</emphasis>。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5483,7 +5632,7 @@ msgstr ""
"さい。 <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5494,7 +5643,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -5514,20 +5663,20 @@ msgstr ""
" cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "注記"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5560,13 +5709,21 @@ msgstr "SSSD の PAM モジュール"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -5576,7 +5733,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5587,22 +5744,22 @@ msgstr ""
"て LOG_AUTHPRIV ファシリティでログ記録されます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr "不明なユーザーのログメッセージを抑制します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -5611,12 +5768,12 @@ msgstr ""
"るために、入力されたパスワードがスタックに置かれます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5627,12 +5784,12 @@ msgstr ""
"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -5641,12 +5798,12 @@ msgstr ""
"クされたパスワードモジュールに設定します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -5655,7 +5812,7 @@ msgstr ""
"せます。初期値は 0 です。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5666,13 +5823,27 @@ msgstr ""
"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で"
"す。"
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "提供されるモジュール形式"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -5681,12 +5852,12 @@ msgstr ""
"<option>password</option> および <option>session</option>) が提供されます。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "ファイル"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5697,7 +5868,7 @@ msgstr ""
"ば、このメッセージはパスワードをリセットする方法に関する説明があります。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5709,7 +5880,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5724,6 +5895,13 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5736,7 +5914,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5896,7 +6074,7 @@ msgstr ""
"ンの中のグループのみに適用されます。ローカルグループは評価されません。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5953,6 +6131,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -6064,7 +6247,7 @@ msgstr ""
"使用される完全修飾名を反映しないマシンにおいて設定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6079,7 +6262,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6097,12 +6280,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6123,12 +6306,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -6153,7 +6336,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6170,12 +6353,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6183,12 +6366,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6207,19 +6390,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -6253,7 +6436,7 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -6261,74 +6444,62 @@ msgstr ""
"複数の検索ベースを設定することの詳細は <quote>ldap_search_base</quote> を参照"
"してください。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-"フィルターがすべての検索ベースに与えられ、かつ "
-"<emphasis>ipa_hbac_support_srchost</emphasis> が偽(False)に設定されている"
-"と、フィルターは無視されます。"
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと"
"して使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列"
"を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6336,7 +6507,7 @@ msgstr ""
"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6345,7 +6516,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -6354,7 +6525,7 @@ msgstr ""
"quote> の値です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -6363,7 +6534,7 @@ msgstr ""
"めに使用するベース DN に変換されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6373,12 +6544,63 @@ msgstr ""
"するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr "krb5_use_fast (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+"Kerberos の事前認証のために flexible authentication secure tunneling (FAST) "
+"を有効化します。以下のオプションがサポートされます:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:405
+#, fuzzy
+#| msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "初期値: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:405
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6386,17 +6608,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr "初期値: 5 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6404,12 +6626,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6423,7 +6645,7 @@ msgstr ""
"操作をサポートします:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -6432,7 +6654,7 @@ msgstr ""
"てのユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -6442,342 +6664,56 @@ msgstr ""
"注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr "初期値: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr "ipa_hbac_support_srchost (論理値)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-"これが偽に設定されていると、PAM により SSSD に与えられる srchost が無視されま"
-"す。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-"<emphasis>False</emphasis> に設定されていると、このオプションは "
-"<emphasis>ipa_host_search_base</emphasis> に与えられたフィルターが無視される"
-"ようになることに注意してください。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr "この IPA クライアントが使用する automounter の場所です"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr "初期値: \"default\" という名前の場所"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr "ipa_netgroup_member_of (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr "ネットワークグループのメンバーを一覧にする LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr "ipa_netgroup_member_user (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-"ネットワークグループの直接メンバーであるシステムユーザーとグループを一覧化す"
-"る LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr "初期値: memberUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr "ipa_netgroup_member_host (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-"ネットワークグループの直接メンバーであるホストとホストグループを一覧化する "
-"LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr "初期値: memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr "ipa_netgroup_member_ext_host (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-"ネットワークグループのメンバーであるホストとホストグループの FQDN を一覧化す"
-"る LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr "初期値: externalHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr "ipa_netgroup_domain (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr "ネットワークグループの NIS ドメイン名を含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr "初期値: nisDomainName"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr "ipa_host_object_class (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr "初期値: ipaHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr "ipa_host_fqdn (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr "ホストの FQDN を含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr "初期値: fqdn"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ipa_selinux_usermap_object_class (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr "ipa_selinux_usermap_name (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "SELinux ユーザーマップの名前を含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_selinux_usermap_member_user (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr "このルールが一致するすべてのユーザー・グループを含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_selinux_usermap_member_host (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr "このルールが一致するホスト・ホストグループを含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_selinux_usermap_see_also (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-"memberUser と memberHost の代わりにマッチに使用される HBAC ルールの DN を含"
-"む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr "初期値: seeAlso"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_selinux_usermap_selinux_user (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "SELinux ユーザー文字列自身を含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr "初期値: ipaSELinuxUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ipa_selinux_usermap_enabled (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-"ユーザーマップが使用するために有効化されているかどうかを含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr "初期値: ipaEnabledFlag"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ipa_selinux_usermap_user_category (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr "'all' のようなユーザーカテゴリーを含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr "初期値: userCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_selinux_usermap_host_category (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "'all' のようなホストカテゴリーを含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr "初期値: hostCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ipa_selinux_usermap_uuid (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "ユーザーマップの一意な ID を含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr "初期値: ipaUniqueID"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_host_ssh_public_key (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr "初期値: ipaSshPubKey"
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6785,7 +6721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6797,7 +6733,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6808,7 +6744,7 @@ msgstr ""
"例は IPA プロバイダー固有のオプションのみを示しています。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6826,6 +6762,11 @@ msgstr ""
msgid "sssd-ad"
msgstr "sssd-ad"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6871,11 +6812,24 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:62
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
+"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ"
+"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと"
+"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス"
+"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク"
+"セスプロバイダーが設定されていなければ、クライアント側において必要になりま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ad.5.xml:74
@@ -6894,18 +6848,27 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr "ad_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -6914,7 +6877,7 @@ msgstr ""
"ければ、設定のドメイン名が使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -6923,19 +6886,19 @@ msgstr ""
"ンの小文字バージョンとして指定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6945,12 +6908,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr "ad_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6960,7 +6923,7 @@ msgstr ""
"全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -6969,12 +6932,12 @@ msgstr ""
"されます。キーテーブルが発行されたホスト名と一致する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6984,8 +6947,173 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "ad_access_filter (string)"
+msgstr "ldap_access_filter (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: Not set"
+msgstr "初期値: 設定されません"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ldap_disable_paging (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "ldap_disable_paging (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "ldap_access_order (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: ipService"
+msgid "Default: permissive"
+msgstr "初期値: ipService"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6996,29 +7124,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7029,7 +7157,7 @@ msgstr ""
"AD プロバイダー固有のオプションのみ示してします。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7053,7 +7181,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7062,7 +7190,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7070,7 +7198,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -7135,20 +7263,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr "sudo ルールを取得するよう SSSD を設定する方法"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -7174,20 +7323,20 @@ msgstr ""
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr "SUDO ルールキャッシュメカニズム"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -7198,7 +7347,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -7207,7 +7356,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -7218,7 +7367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -7229,7 +7378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -7237,37 +7386,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr "keyword ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr "netgroup (\"+netgroup\" の形式)"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr "このマシンのホスト名または完全修飾ドメイン名"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr "このマシンの IP アドレスのどれか"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr "ネットワークの IP アドレスのどれか (\"address/mask\" 形式)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -7482,6 +7631,19 @@ msgid ""
msgstr ""
"SSSD に直ちにオンラインになるよう指示します。テスト目的のためにほぼ有用です。"
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+#| "debug messages will be sent to stderr."
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ"
+"セージが標準エラーに送られます。"
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -7800,6 +7962,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr "sssd-krb5"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7898,106 +8065,104 @@ msgstr "krb5_ccachedir (文字列)"
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "初期値: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (文字列)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "ログイン名"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr "ログイン UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr "プリンシパル名"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr "レルム名"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr "%h"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr "ホームディレクトリー"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+#, fuzzy
+#| msgid "value of krb5ccache_dir"
+msgid "value of krb5_ccachedir"
msgstr "krb5ccache_dir の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr "%P"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr "文字 '%'"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -8010,7 +8175,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -8019,7 +8184,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -8029,19 +8194,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -8049,7 +8214,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -8060,12 +8225,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
@@ -8074,24 +8239,24 @@ msgstr ""
"です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "初期値: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -8099,80 +8264,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr "初期値: 設定されません、つまり TGT は更新可能ではありません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
@@ -8180,12 +8345,12 @@ msgstr ""
"期値です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -8193,83 +8358,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr "krb5_use_fast (文字列)"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-"Kerberos の事前認証のために flexible authentication secure tunneling (FAST) "
-"を有効化します。以下のオプションがサポートされます:"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr "初期値: 設定されません、つまり FAST が使用されません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr "FAST に対して使用するサーバープリンシパルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -8283,7 +8419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -8292,7 +8428,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -8945,6 +9081,210 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
+"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
+"ジの <quote>ファイル形式</quote> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure the sudo service."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr "これらのオプションは sudo サービスを設定するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_authorized_host (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+#, fuzzy
+#| msgid "username"
+msgid "name"
+msgstr "username"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "ログイン名"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "uidNumber"
+msgstr "初期値: uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+#, fuzzy
+#| msgid "Default: gidNumber"
+msgid "gidNumber"
+msgstr "初期値: gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "home directory"
+msgid "homeDirectory"
+msgstr "ホームディレクトリー"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "初期値: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+#, fuzzy
+#| msgid "The user's login shell."
+msgid "user shell"
+msgstr "ユーザーのログインシェルです。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
+"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
+"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+#, fuzzy
+#| msgid ""
+#| "Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+"初期値: 設定されません、つまり KDC において設定されているチケット有効期間の初"
+"期値です。"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr "sss_ssh_authorizedkeys"
@@ -9179,7 +9519,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "設定"
@@ -9344,13 +9684,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr "マッピング・アルゴリズム"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -9359,7 +9741,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -9367,7 +9749,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -9376,7 +9758,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -9384,7 +9766,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -9397,13 +9779,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr "最小の設定 (<quote>[domain/DOMAINNAME]</quote> セクションにおいて):"
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -9413,7 +9795,7 @@ msgstr ""
"ldap_schema = ad\n"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -9421,17 +9803,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr "高度な設定"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr "ldap_idmap_range_min (整数)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -9440,7 +9822,7 @@ msgstr ""
"POSIX ID の範囲の下限を指定します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -9450,17 +9832,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr "初期値: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr "ldap_idmap_range_max (整数)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -9469,7 +9851,7 @@ msgstr ""
"ID の範囲の上限を指定します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -9479,17 +9861,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr "初期値: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr "ldap_idmap_range_size (整数)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
@@ -9498,13 +9880,37 @@ msgstr ""
"各スライスに利用可能な ID 番号を指定します。範囲の大きさが最小値、最大値の中"
"にうまく分けられなければ、できる限り多くの完全なスライスとして作成されます。"
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (文字列)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -9512,22 +9918,22 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (文字列)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr "初期ドメインの名前を指定します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (論理値)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -9536,7 +9942,7 @@ msgstr ""
"ために ID マッピングのアルゴリズムの振る舞いを変更します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -9545,7 +9951,7 @@ msgstr ""
"ンに単原子的に増加するよう割り当てられます。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -9559,6 +9965,77 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ"
"れます。"
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -9577,101 +10054,145 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
-"デバッグレベルを指示するビットマスクは見ることができます。 0x0010 は初期値で"
-"あり、利用できる最小値です。 0xFFF0 は最も冗長なモードです。この設定は設定"
-"ファイルの設定により上書きされます。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr "現在サポートされるデバッグレベル:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+#| "SSSD from starting up or causes it to cease running."
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
"<emphasis>0x0010</emphasis>: 致命的なエラー。 SSSD が開始するのを妨げる、また"
"は実行を中断させることすべてです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't "
+#| "kill the SSSD, but one that indicates that at least one major feature is "
+#| "not going to work properly."
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
"<emphasis>0x0020</emphasis>: 重大なエラー。 SSSD が強制停止しないが、複数の機"
"能が正しく動作しないエラーです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+#| "particular request or operation has failed."
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
"<emphasis>0x0040</emphasis>: 深刻なエラー。特定の要求や操作が失敗したことを通"
"知するエラーです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that "
+#| "would percolate down to cause the operation failure of 2."
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
"<emphasis>0x0080</emphasis>: 軽微なエラー。これらは 2 の操作失敗を引き起こす"
"よう下にしみだすエラーです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+#, fuzzy
+#| msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr "<emphasis>0x0100</emphasis>: 設定値の設定です。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+#, fuzzy
+#| msgid "<emphasis>0x0200</emphasis>: Function data."
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr "<emphasis>0x0200</emphasis>: 関数のデータです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+#, fuzzy
+#| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr "<emphasis>0x0400</emphasis>: 操作関数のトレースメッセージです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x1000</emphasis>: Trace messages for internal control "
+#| "functions."
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr "<emphasis>0x1000</emphasis>: 内部制御関数のトレースメッセージです。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+#| "may be interesting."
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
"<emphasis>0x2000</emphasis>: 興味があるかもしれない関数の内部変数の内容です。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr "<emphasis>0x4000</emphasis>: 極めて低レベルのトレース情報です。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
+#, fuzzy
+#| msgid ""
+#| "To log required debug levels, simply add their numbers together as shown "
+#| "in following examples:"
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
"必要となるデバッグレベルをログに取得するには、以下の例に示されるようにこれら"
"の数字を単に追加します:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
@@ -9680,7 +10201,7 @@ msgstr ""
"データをログに取得するには 0x0270 を使用します。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
@@ -9689,14 +10210,25 @@ msgstr ""
"数のトレースメッセージをログに取得するには 0x1310 を使用します。"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
+#, fuzzy
+#| msgid ""
+#| "<emphasis>Note</emphasis>: This is new format of debug levels introduced "
+#| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
msgstr ""
"<emphasis>注</emphasis>: これは 1.7.0 において導入されたデバッグレベルの新し"
"い形式です。古い形式(0-10 の数字)は互換性がありますが、推奨されません。"
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+#, fuzzy
+#| msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
+
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
msgid ""
@@ -9772,13 +10304,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -9788,37 +10321,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "構文: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -9897,5 +10425,258 @@ msgstr ""
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
+#~ msgid "ldap_user_search_filter (string)"
+#~ msgstr "ldap_user_search_filter (文字列)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict user searches."
+#~ msgstr ""
+#~ "このオプションは、ユーザー検索を制限する、追加の LDAP 検索フィルター基準を"
+#~ "指定します。"
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_user_search_base."
+#~ msgstr ""
+#~ "このオプションは ldap_user_search_base により使用される構文のほうを選んで"
+#~ "<emphasis>廃止されます</emphasis>。"
+
+#~ msgid ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+#~ msgstr ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+
+#~ msgid ""
+#~ "This filter would restrict user searches to users that have their shell "
+#~ "set to /bin/tcsh."
+#~ msgstr ""
+#~ "このフィルターは、ユーザー検索をシェルが /bin/tcsh に設定されているユー"
+#~ "ザーに制限されます。"
+
+#~ msgid "ldap_group_search_filter (string)"
+#~ msgstr "ldap_group_search_filter (文字列)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict group searches."
+#~ msgstr ""
+#~ "このオプションは、グループ検索を制限する、追加の LDAP 検索フィルター基準を"
+#~ "指定します。"
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_group_search_base."
+#~ msgstr ""
+#~ "このオプションは ldap_group_search_base により使用される構文のほうを選んで"
+#~ "<emphasis>廃止されます</emphasis>。"
+
+#~ msgid ""
+#~ "If filter is given in any of search bases and "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
+#~ "will be ignored."
+#~ msgstr ""
+#~ "フィルターがすべての検索ベースに与えられ、かつ "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> が偽(False)に設定されてい"
+#~ "ると、フィルターは無視されます。"
+
+#~ msgid "ipa_hbac_support_srchost (boolean)"
+#~ msgstr "ipa_hbac_support_srchost (論理値)"
+
+#~ msgid ""
+#~ "If this is set to false, then srchost as given to SSSD by PAM will be "
+#~ "ignored."
+#~ msgstr ""
+#~ "これが偽に設定されていると、PAM により SSSD に与えられる srchost が無視さ"
+#~ "れます。"
+
+#~ msgid ""
+#~ "Note that if set to <emphasis>False</emphasis>, this option casuses "
+#~ "filters given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
+#~ msgstr ""
+#~ "<emphasis>False</emphasis> に設定されていると、このオプションは "
+#~ "<emphasis>ipa_host_search_base</emphasis> に与えられたフィルターが無視され"
+#~ "るようになることに注意してください。"
+
+#~ msgid "ipa_netgroup_member_of (string)"
+#~ msgstr "ipa_netgroup_member_of (文字列)"
+
+#~ msgid "The LDAP attribute that lists netgroup's memberships."
+#~ msgstr "ネットワークグループのメンバーを一覧にする LDAP 属性です。"
+
+#~ msgid "ipa_netgroup_member_user (string)"
+#~ msgstr "ipa_netgroup_member_user (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists system users and groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "ネットワークグループの直接メンバーであるシステムユーザーとグループを一覧化"
+#~ "する LDAP 属性です。"
+
+#~ msgid "Default: memberUser"
+#~ msgstr "初期値: memberUser"
+
+#~ msgid "ipa_netgroup_member_host (string)"
+#~ msgstr "ipa_netgroup_member_host (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists hosts and host groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "ネットワークグループの直接メンバーであるホストとホストグループを一覧化す"
+#~ "る LDAP 属性です。"
+
+#~ msgid "Default: memberHost"
+#~ msgstr "初期値: memberHost"
+
+#~ msgid "ipa_netgroup_member_ext_host (string)"
+#~ msgstr "ipa_netgroup_member_ext_host (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "ネットワークグループのメンバーであるホストとホストグループの FQDN を一覧化"
+#~ "する LDAP 属性です。"
+
+#~ msgid "Default: externalHost"
+#~ msgstr "初期値: externalHost"
+
+#~ msgid "ipa_netgroup_domain (string)"
+#~ msgstr "ipa_netgroup_domain (文字列)"
+
+#~ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+#~ msgstr "ネットワークグループの NIS ドメイン名を含む LDAP 属性です。"
+
+#~ msgid "Default: nisDomainName"
+#~ msgstr "初期値: nisDomainName"
+
+#~ msgid "ipa_host_object_class (string)"
+#~ msgstr "ipa_host_object_class (文字列)"
+
+#~ msgid "The object class of a host entry in LDAP."
+#~ msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
+
+#~ msgid "Default: ipaHost"
+#~ msgstr "初期値: ipaHost"
+
+#~ msgid "ipa_host_fqdn (string)"
+#~ msgstr "ipa_host_fqdn (文字列)"
+
+#~ msgid "The LDAP attribute that contains FQDN of the host."
+#~ msgstr "ホストの FQDN を含む LDAP 属性です。"
+
+#~ msgid "Default: fqdn"
+#~ msgstr "初期値: fqdn"
+
+#~ msgid "ipa_selinux_usermap_object_class (string)"
+#~ msgstr "ipa_selinux_usermap_object_class (文字列)"
+
+#~ msgid "ipa_selinux_usermap_name (string)"
+#~ msgstr "ipa_selinux_usermap_name (文字列)"
+
+#~ msgid "The LDAP attribute that contains the name of SELinux usermap."
+#~ msgstr "SELinux ユーザーマップの名前を含む LDAP 属性です。"
+
+#~ msgid "ipa_selinux_usermap_member_user (string)"
+#~ msgstr "ipa_selinux_usermap_member_user (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all users / groups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "このルールが一致するすべてのユーザー・グループを含む LDAP 属性です。"
+
+#~ msgid "ipa_selinux_usermap_member_host (string)"
+#~ msgstr "ipa_selinux_usermap_member_host (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+#~ "against."
+#~ msgstr "このルールが一致するホスト・ホストグループを含む LDAP 属性です。"
+
+#~ msgid "ipa_selinux_usermap_see_also (string)"
+#~ msgstr "ipa_selinux_usermap_see_also (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+#~ "matching instead of memberUser and memberHost"
+#~ msgstr ""
+#~ "memberUser と memberHost の代わりにマッチに使用される HBAC ルールの DN を"
+#~ "含む LDAP 属性です。"
+
+#~ msgid "Default: seeAlso"
+#~ msgstr "初期値: seeAlso"
+
+#~ msgid "ipa_selinux_usermap_selinux_user (string)"
+#~ msgstr "ipa_selinux_usermap_selinux_user (文字列)"
+
+#~ msgid "The LDAP attribute that contains SELinux user string itself."
+#~ msgstr "SELinux ユーザー文字列自身を含む LDAP 属性です。"
+
+#~ msgid "Default: ipaSELinuxUser"
+#~ msgstr "初期値: ipaSELinuxUser"
+
+#~ msgid "ipa_selinux_usermap_enabled (string)"
+#~ msgstr "ipa_selinux_usermap_enabled (文字列)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains whether or not is user map enabled for "
+#~ "usage."
+#~ msgstr ""
+#~ "ユーザーマップが使用するために有効化されているかどうかを含む LDAP 属性で"
+#~ "す。"
+
+#~ msgid "Default: ipaEnabledFlag"
+#~ msgstr "初期値: ipaEnabledFlag"
+
+#~ msgid "ipa_selinux_usermap_user_category (string)"
+#~ msgstr "ipa_selinux_usermap_user_category (文字列)"
+
+#~ msgid "The LDAP attribute that contains user category such as 'all'."
+#~ msgstr "'all' のようなユーザーカテゴリーを含む LDAP 属性です。"
+
+#~ msgid "Default: userCategory"
+#~ msgstr "初期値: userCategory"
+
+#~ msgid "ipa_selinux_usermap_host_category (string)"
+#~ msgstr "ipa_selinux_usermap_host_category (文字列)"
+
+#~ msgid "The LDAP attribute that contains host category such as 'all'."
+#~ msgstr "'all' のようなホストカテゴリーを含む LDAP 属性です。"
+
+#~ msgid "Default: hostCategory"
+#~ msgstr "初期値: hostCategory"
+
+#~ msgid "ipa_selinux_usermap_uuid (string)"
+#~ msgstr "ipa_selinux_usermap_uuid (文字列)"
+
+#~ msgid "The LDAP attribute that contains unique ID of the user map."
+#~ msgstr "ユーザーマップの一意な ID を含む LDAP 属性です。"
+
+#~ msgid "Default: ipaUniqueID"
+#~ msgstr "初期値: ipaUniqueID"
+
+#~ msgid "ipa_host_ssh_public_key (string)"
+#~ msgstr "ipa_host_ssh_public_key (文字列)"
+
+#~ msgid "The LDAP attribute that contains the host's SSH public keys."
+#~ msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
+
+#~ msgid "Default: ipaSshPubKey"
+#~ msgstr "初期値: ipaSshPubKey"
+
+#~ msgid ""
+#~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+#~ "default value as well as the lowest allowed value, 0xFFF0 is the most "
+#~ "verbose mode. This setting overrides the settings from config file."
+#~ msgstr ""
+#~ "デバッグレベルを指示するビットマスクは見ることができます。 0x0010 は初期値"
+#~ "であり、利用できる最小値です。 0xFFF0 は最も冗長なモードです。この設定は設"
+#~ "定ファイルの設定により上書きされます。"
+
#~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgstr "初期値: FILE:%d/krb5cc_%U_XXXXXX"
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index 0e6e10096..094c328ec 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Latvian (http://www.transifex.com/projects/p/fedora/language/"
@@ -27,7 +27,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr ""
@@ -60,13 +60,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "APRAKSTS"
@@ -79,7 +79,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -124,18 +124,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
@@ -193,75 +194,162 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "PAPLAŠINĀTĀS IESPĒJAS"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Noklusējuma: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "pakalpojumi"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domēni"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -271,19 +359,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -291,12 +379,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -304,58 +392,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -364,7 +452,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -372,52 +460,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -427,22 +515,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -453,12 +540,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -467,82 +554,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "noildze (vesels skaitlis)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Noklusējuma: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -552,17 +579,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -570,18 +597,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Noklusējuma: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -590,41 +618,56 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -632,7 +675,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -642,7 +685,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -651,17 +694,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -669,17 +712,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Noklusējuma: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -688,251 +731,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Noklusējuma: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Noklusējuma: 0 (bez ierobežojuma)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -940,59 +983,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Noklusējuma: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1000,7 +1043,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1009,17 +1052,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1027,63 +1070,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1091,51 +1134,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1147,7 +1190,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1158,24 +1201,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1183,12 +1226,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1197,24 +1240,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1223,47 +1266,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1275,14 +1318,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1291,39 +1334,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1332,149 +1375,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1483,17 +1537,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Noklusējuma: 0 (neierobežots)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1502,33 +1556,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1536,8 +1590,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1546,8 +1600,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1555,19 +1609,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1576,7 +1630,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1584,17 +1638,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1602,19 +1656,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1622,7 +1676,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1630,30 +1684,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1661,19 +1715,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1682,24 +1736,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "Noklusējuma: <quote>atļaut</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1707,7 +1761,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1715,35 +1769,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1751,23 +1805,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1775,7 +1843,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1783,31 +1851,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1815,23 +1883,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1839,7 +1907,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1847,24 +1915,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1872,12 +1940,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1887,7 +1955,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1896,29 +1964,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1926,7 +1994,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1934,66 +2002,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "Atbalstītās vērtības:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2001,62 +2069,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Noklusējuma: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2065,54 +2133,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2120,29 +2188,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2150,19 +2218,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2170,73 +2238,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Noklusējuma: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2244,17 +2312,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Noklusējuma: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2263,17 +2331,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Noklusējuma: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2281,17 +2349,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Noklusējuma: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2299,18 +2367,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "PIEMĒRS"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2340,7 +2408,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2353,6 +2421,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2381,8 +2454,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "KONFIGURĒŠANAS IESPĒJAS"
@@ -2473,15 +2546,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2681,7 +2754,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2741,7 +2814,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2758,7 +2831,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2768,14 +2841,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3044,21 +3117,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3067,24 +3194,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3092,54 +3219,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Noklusējuma: 10800 (12 stundas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3147,14 +3273,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3162,17 +3288,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3180,14 +3306,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3195,94 +3321,121 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "Noklusējuma: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3290,17 +3443,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3308,14 +3461,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3323,7 +3476,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3332,18 +3485,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3351,172 +3504,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3524,7 +3677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3532,12 +3685,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3545,12 +3698,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3561,12 +3714,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3574,12 +3727,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3588,34 +3741,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3623,14 +3776,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3638,17 +3791,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3658,12 +3811,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3671,17 +3824,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3689,13 +3842,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3704,7 +3857,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3712,26 +3865,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3739,7 +3892,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3747,7 +3900,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3755,41 +3908,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3798,32 +3951,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3831,24 +3984,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3856,17 +4009,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3877,29 +4030,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3908,17 +4061,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3926,49 +4079,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3976,27 +4129,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Noklusējuma: 86400 (24 stundas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4008,7 +4161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4016,7 +4169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4024,39 +4177,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4066,7 +4219,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4074,26 +4227,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4101,32 +4254,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4135,88 +4295,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "Noklusējuma: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Piemērs:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4225,24 +4386,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4250,19 +4411,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "Atļautas šādas vērtības:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4271,7 +4432,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4279,7 +4440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4288,7 +4449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4296,108 +4457,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Noklusējuma: filtrēt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4408,7 +4569,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4426,213 +4587,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4640,106 +4801,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4748,168 +4904,132 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: filter"
+msgid "Default: auto.master"
+msgstr "Noklusējuma: filtrēt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "PAPLAŠINĀTĀS IESPĒJAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4917,7 +5037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4925,7 +5045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4938,20 +5058,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "PIEZĪMES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4984,11 +5104,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -4996,34 +5116,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5031,56 +5151,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5088,7 +5222,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5100,7 +5234,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5112,6 +5246,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5124,7 +5263,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5254,7 +5393,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5299,6 +5438,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5386,7 +5530,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5401,7 +5545,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5416,12 +5560,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5442,12 +5586,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5472,7 +5616,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5489,12 +5633,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5502,12 +5646,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5526,19 +5670,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5568,101 +5712,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5670,12 +5805,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: 1"
+msgid "Default: try"
+msgstr "Noklusējuma: 1"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5683,17 +5865,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5701,12 +5883,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5715,342 +5897,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6058,7 +5968,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6070,7 +5980,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6078,7 +5988,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6092,6 +6002,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6139,7 +6054,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6158,44 +6073,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6205,12 +6129,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6218,19 +6142,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6240,8 +6164,167 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: filter"
+msgid "Default: Not set"
+msgstr "Noklusējuma: filtrēt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: filter"
+msgid "Default: permissive"
+msgstr "Noklusējuma: filtrēt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6252,29 +6335,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6282,7 +6365,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6297,7 +6380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6306,7 +6389,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6314,7 +6397,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6379,20 +6462,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6408,20 +6512,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6432,7 +6536,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6441,7 +6545,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6452,7 +6556,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6463,7 +6567,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6471,37 +6575,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6688,6 +6792,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6945,6 +7056,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr "sssd-krb5"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7043,106 +7159,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "Noklusējuma: / tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7155,7 +7267,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7164,7 +7276,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7174,19 +7286,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "Noklusējuma: 0 (bez ierobežojuma)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7194,7 +7306,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7205,36 +7317,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "Noklusējuma: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7242,91 +7354,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7334,81 +7446,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7422,7 +7507,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7431,7 +7516,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -7995,6 +8080,162 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8176,7 +8417,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8326,13 +8567,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8341,7 +8624,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8349,7 +8632,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8358,7 +8641,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8366,7 +8649,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8379,13 +8662,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8393,7 +8676,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8401,24 +8684,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8428,24 +8711,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8455,30 +8738,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8486,36 +8793,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8524,6 +8831,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8542,104 +8920,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8715,13 +9107,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8729,37 +9122,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 35dc3793b..8261f53ec 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/"
@@ -26,7 +26,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "SSSD handleiding"
@@ -62,13 +62,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "OMSCHRIJVING"
@@ -83,7 +83,7 @@ msgstr ""
"die via de opdrachtregel ingegeven zijn."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -137,18 +137,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Bestandsformaten en conventies"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "het configuratiebestand voor SSSD"
@@ -221,26 +222,113 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "OPTIES"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "Voeg een tijdstempel toe aan de debugberichten"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "SPECIALE SECTIES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Sectie parameters"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -249,33 +337,33 @@ msgstr ""
"gebruiken versie 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -284,17 +372,17 @@ msgstr ""
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -304,19 +392,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -324,12 +412,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -337,58 +425,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -401,7 +489,7 @@ msgstr ""
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -412,7 +500,7 @@ msgstr ""
"gezet worden"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -421,7 +509,7 @@ msgstr ""
"systemen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -431,12 +519,12 @@ msgstr ""
"conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -445,26 +533,26 @@ msgstr ""
"opslaan."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -474,22 +562,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -500,12 +587,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -514,82 +601,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (numeriek)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (bool)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "Voeg een tijdstempel toe aan de debugberichten"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Standaard: true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -599,17 +626,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -617,18 +644,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -637,13 +665,28 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "enum_cache_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -651,12 +694,12 @@ msgstr ""
"configurere."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -665,17 +708,17 @@ msgstr ""
"over alle gebruikers)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -683,7 +726,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -693,7 +736,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -702,17 +745,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -720,17 +763,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -739,251 +782,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -991,59 +1034,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1051,7 +1094,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1060,17 +1103,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1078,63 +1121,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Standaard: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1142,51 +1185,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1198,7 +1241,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1209,24 +1252,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1234,12 +1277,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1248,24 +1291,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1274,47 +1317,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1326,14 +1369,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1342,41 +1385,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "full_name_format (string)"
msgid "subdomain_enumerate (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1385,149 +1428,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1536,17 +1590,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1555,33 +1609,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1589,8 +1643,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1599,8 +1653,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1608,19 +1662,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1629,7 +1683,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1637,17 +1691,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1655,19 +1709,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1675,7 +1729,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1683,30 +1737,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1714,19 +1768,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1735,24 +1789,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1760,7 +1814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1768,35 +1822,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1804,23 +1858,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1828,7 +1896,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1836,31 +1904,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1868,23 +1936,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1892,7 +1960,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1900,24 +1968,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1925,12 +1993,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1940,7 +2008,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1949,29 +2017,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1982,7 +2050,7 @@ msgstr ""
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1990,7 +2058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -1999,59 +2067,59 @@ msgstr ""
"(?P&lt;name&gt;) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2059,62 +2127,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2123,54 +2191,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2178,29 +2246,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2208,19 +2276,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2228,73 +2296,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2302,17 +2370,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2321,17 +2389,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2339,17 +2407,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2357,18 +2425,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2398,7 +2466,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2411,6 +2479,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2439,8 +2512,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2531,15 +2604,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2739,7 +2812,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2799,7 +2872,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2816,7 +2889,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2826,14 +2899,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3102,21 +3175,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3125,24 +3252,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3150,54 +3277,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3205,14 +3331,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3220,17 +3346,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3238,14 +3364,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3253,94 +3379,121 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3348,17 +3501,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3366,14 +3519,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3381,7 +3534,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3390,18 +3543,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3409,172 +3562,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3582,7 +3735,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3590,12 +3743,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3603,12 +3756,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3619,12 +3772,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3632,12 +3785,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3646,34 +3799,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3681,14 +3834,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3696,17 +3849,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3716,12 +3869,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3729,17 +3882,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3747,13 +3900,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3762,7 +3915,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3770,26 +3923,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3797,7 +3950,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3805,7 +3958,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3813,41 +3966,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3856,32 +4009,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3889,24 +4042,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3914,17 +4067,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3935,29 +4088,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3966,17 +4119,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3984,49 +4137,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4034,27 +4187,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4066,7 +4219,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4074,7 +4227,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4082,39 +4235,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4124,7 +4277,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4132,26 +4285,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4159,32 +4312,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4193,88 +4353,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4283,24 +4444,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4308,19 +4469,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4329,7 +4490,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4337,7 +4498,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4346,7 +4507,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4354,108 +4515,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4466,7 +4627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4484,213 +4645,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4698,106 +4859,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4806,168 +4962,132 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: auto.master"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4975,7 +5095,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4983,7 +5103,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4996,20 +5116,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5042,11 +5162,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5054,34 +5174,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5089,56 +5209,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5146,7 +5278,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5158,7 +5290,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5170,6 +5302,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5182,7 +5319,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5312,7 +5449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5357,6 +5494,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5444,7 +5586,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5459,7 +5601,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5474,12 +5616,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5500,12 +5642,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5530,7 +5672,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5547,12 +5689,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5560,12 +5702,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5584,19 +5726,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5626,101 +5768,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5728,12 +5861,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5741,17 +5921,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5759,12 +5939,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5773,342 +5953,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6116,7 +6024,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6128,7 +6036,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6136,7 +6044,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6150,6 +6058,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6197,7 +6110,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6216,44 +6129,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6263,12 +6185,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6276,19 +6198,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6298,8 +6220,171 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "ad_access_filter (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: Not set"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: permissive"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6310,29 +6395,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6340,7 +6425,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6355,7 +6440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6364,7 +6449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6372,7 +6457,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6437,20 +6522,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6466,20 +6572,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6490,7 +6596,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6499,7 +6605,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6510,7 +6616,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6521,7 +6627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6529,37 +6635,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6746,6 +6852,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -7003,6 +7116,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7101,106 +7219,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7213,7 +7327,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7222,7 +7336,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7232,17 +7346,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
msgid "Default: (from libkrb5)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7250,7 +7364,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7261,36 +7375,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7298,91 +7412,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7390,81 +7504,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7478,7 +7565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7487,7 +7574,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -8051,6 +8138,164 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "user_attributes (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8232,7 +8477,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8382,13 +8627,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8397,7 +8684,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8405,7 +8692,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8414,7 +8701,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8422,7 +8709,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8435,13 +8722,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8449,7 +8736,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8457,24 +8744,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8484,24 +8771,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8511,30 +8798,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8542,36 +8853,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8580,6 +8891,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8598,104 +8980,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8771,13 +9167,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8785,37 +9182,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index a405a077d..9e9f8544c 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
@@ -25,7 +25,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Páginas de Manual de SSSD"
@@ -61,13 +61,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "DESCRIÇÃO"
@@ -82,7 +82,7 @@ msgstr ""
"que são especificadas na linha de comando."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -136,18 +136,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Formatos de ficheiros e convenções"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "o ficheiro de configuração para SSSD"
@@ -215,26 +216,113 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "OPÇÕES AVANÇADAS"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Padrão: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Padrão: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "SECÇÕES ESPECIAIS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "A seção [SSSD]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Parâmetros de secção"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -243,12 +331,12 @@ msgstr ""
"versão 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "serviços"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -256,21 +344,21 @@ msgstr ""
"separados por vírgulas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -279,17 +367,17 @@ msgstr ""
"falha do provedor de dados ou reiniciar antes de eles desistirem"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Padrão: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domínios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -299,19 +387,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -319,12 +407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -332,58 +420,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -392,7 +480,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -400,52 +488,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -455,22 +543,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -481,12 +568,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -495,82 +582,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr "debug_microseconds (bool)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Padrão: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (integer)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Padrão: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -580,17 +607,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -598,18 +625,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Padrão: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -618,41 +646,56 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -660,7 +703,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -670,7 +713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -679,17 +722,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "Padrão: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -697,17 +740,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -716,251 +759,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr "allowed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr "shell_fallback (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "Padrão: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Padrão: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -968,59 +1011,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Padrão: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1028,7 +1071,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1037,17 +1080,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1055,63 +1098,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1119,51 +1162,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1175,7 +1218,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1186,24 +1229,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1211,12 +1254,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1225,24 +1268,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "SECÇÕES DE DOMÍNIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1251,47 +1294,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerate (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Padrão: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1303,14 +1346,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1319,41 +1362,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "full_name_format (string)"
msgid "subdomain_enumerate (string)"
msgstr "full_name_format (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1362,149 +1405,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "Padrão: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Padrão: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1513,17 +1567,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Padrão: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1532,33 +1586,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1566,8 +1620,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1576,8 +1630,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1585,19 +1639,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1606,7 +1660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1614,17 +1668,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1632,19 +1686,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1652,7 +1706,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1660,30 +1714,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1691,19 +1745,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1712,24 +1766,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1737,7 +1791,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1745,35 +1799,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1781,23 +1835,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1805,7 +1873,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1813,31 +1881,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1845,23 +1913,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1869,7 +1937,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1877,24 +1945,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1902,12 +1970,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1917,7 +1985,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1926,29 +1994,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1956,7 +2024,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1964,66 +2032,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Default: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "Default: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2031,62 +2099,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Padrão: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr "override_gid (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2095,54 +2163,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2150,29 +2218,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2180,19 +2248,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "A secção de domínio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2200,73 +2268,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Padrão: <filename>bash/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "Padrão: <filename>/ home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2274,17 +2342,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Padrão: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2293,17 +2361,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Padrão: <filename>skel/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2311,17 +2379,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Padrão: <filename>mail/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2329,18 +2397,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "Padrão: None, nenhum comando é executado"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "EXEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2394,7 +2462,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2407,6 +2475,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2435,8 +2508,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPÇÕES DE CONFIGURAÇÃO"
@@ -2527,15 +2600,15 @@ msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "Exemplos:"
@@ -2739,7 +2812,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2799,7 +2872,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "Padrão: nsUniqueId"
@@ -2816,7 +2889,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2826,14 +2899,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "Padrão: modifyTimestamp"
@@ -3102,21 +3175,77 @@ msgstr "Padrão: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3125,24 +3254,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3150,54 +3279,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Padrão: 10800 (12 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "Padrão: NC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3205,14 +3333,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3220,17 +3348,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3238,14 +3366,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3253,94 +3381,121 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr "Padrão: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3348,17 +3503,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3366,14 +3521,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3381,7 +3536,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3390,18 +3545,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3409,172 +3564,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "Padrão: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3582,7 +3737,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3590,12 +3745,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3603,12 +3758,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3619,12 +3774,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3632,12 +3787,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3646,34 +3801,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr "Padrão: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3681,14 +3836,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3696,17 +3851,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3716,12 +3871,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3729,17 +3884,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3747,13 +3902,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3762,7 +3917,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3770,19 +3925,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3791,7 +3946,7 @@ msgstr ""
"qualquer certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3799,7 +3954,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3807,7 +3962,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3815,41 +3970,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "Padrão: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3858,32 +4013,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3891,24 +4046,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3916,17 +4071,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3937,29 +4092,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3968,17 +4123,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3986,50 +4141,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "Padrão: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4037,27 +4192,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Padrão: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4069,7 +4224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4077,7 +4232,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4085,39 +4240,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4127,7 +4282,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4135,26 +4290,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4162,32 +4317,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4196,88 +4358,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4286,24 +4449,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4311,19 +4474,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4332,7 +4495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4340,7 +4503,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4349,7 +4512,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4357,108 +4520,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Padrão: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4469,7 +4632,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4487,213 +4650,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4701,106 +4864,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4809,168 +4967,134 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_user_fullname (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_user_fullname (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: auto.master"
+msgstr "Padrão: host"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "OPÇÕES AVANÇADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr "ldap_user_search_filter (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr "ldap_group_search_filter (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4978,7 +5102,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4986,7 +5110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4999,20 +5123,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5039,13 +5163,21 @@ msgstr "Módulo PAM para SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -5055,7 +5187,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5063,34 +5195,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5098,56 +5230,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "MÓDULOS TIPO FORNECIDOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "FICHEIROS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5155,7 +5301,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5167,7 +5313,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5179,6 +5325,13 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5191,7 +5344,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5321,7 +5474,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5366,6 +5519,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5453,7 +5611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5468,7 +5626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5483,12 +5641,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5509,12 +5667,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5539,7 +5697,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5556,12 +5714,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5569,12 +5727,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5593,19 +5751,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5635,101 +5793,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5737,12 +5886,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: try"
+msgstr "Padrão: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5750,17 +5946,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5768,12 +5964,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5782,342 +5978,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr "Padrão: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr "Padrão: memberUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr "ipa_netgroup_member_host (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr "Padrão: memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr "ipa_netgroup_member_ext_host (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr "Padrão: externalHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr "ipa_netgroup_domain (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr "Padrão: nisDomainName"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr "ipa_host_object_class (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr "Padrão: ipaHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr "ipa_host_fqdn (string)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr "Padrão: fqdn"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6125,7 +6049,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6137,7 +6061,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6145,7 +6069,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6163,6 +6087,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6210,7 +6139,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6229,44 +6158,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6276,12 +6214,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6289,19 +6227,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6311,8 +6249,173 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "access_provider (string)"
+msgid "ad_access_filter (string)"
+msgstr "access_provider (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: host"
+msgid "Default: Not set"
+msgstr "Padrão: host"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "case_sensitive (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "case_sensitive (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "access_provider (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "access_provider (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: True"
+msgid "Default: permissive"
+msgstr "Padrão: TRUE"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6323,29 +6426,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6353,7 +6456,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6368,7 +6471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6377,7 +6480,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6385,7 +6488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6450,20 +6553,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6479,20 +6603,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6503,7 +6627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6512,7 +6636,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6523,7 +6647,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6534,7 +6658,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6542,37 +6666,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6763,6 +6887,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -7026,6 +7157,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7124,106 +7260,104 @@ msgstr "krb5_ccachedir (string)"
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "Padrão: /tmp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (string)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "nome de login"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr "nome principal"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr "nome de território"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr "%h"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+#, fuzzy
+#| msgid "value of krb5ccache_dir"
+msgid "value of krb5_ccachedir"
msgstr "valor de krb5ccache_dir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr "%P"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr "um literal '%'"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7236,7 +7370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7245,7 +7379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7255,19 +7389,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: filter"
msgid "Default: (from libkrb5)"
msgstr "Padrão: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7275,7 +7409,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7286,36 +7420,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "Padrão: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7323,91 +7457,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr "Padrão: não definido, ou seja, o TGT não é renovável"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7415,81 +7549,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7503,7 +7610,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7512,7 +7619,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -8086,6 +8193,170 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-simple"
+msgid "sssd-ifp"
+msgstr "sssd-simple"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_authorized_host (string)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "nome de login"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "Default: homeDirectory"
+msgid "homeDirectory"
+msgstr "Padrão: homeDirectory"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "Padrão: diret"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8267,7 +8538,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "Configuração"
@@ -8417,13 +8688,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8432,7 +8745,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8440,7 +8753,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8449,7 +8762,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8457,7 +8770,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8470,13 +8783,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8484,7 +8797,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8492,24 +8805,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8519,24 +8832,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8546,30 +8859,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8577,36 +8914,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8615,6 +8952,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8633,104 +9041,118 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8806,13 +9228,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8820,37 +9243,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -8926,5 +9344,44 @@ msgstr ""
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
+#~ msgid "ldap_user_search_filter (string)"
+#~ msgstr "ldap_user_search_filter (string)"
+
+#~ msgid "ldap_group_search_filter (string)"
+#~ msgstr "ldap_group_search_filter (string)"
+
+#~ msgid "Default: memberUser"
+#~ msgstr "Padrão: memberUser"
+
+#~ msgid "ipa_netgroup_member_host (string)"
+#~ msgstr "ipa_netgroup_member_host (string)"
+
+#~ msgid "Default: memberHost"
+#~ msgstr "Padrão: memberHost"
+
+#~ msgid "ipa_netgroup_member_ext_host (string)"
+#~ msgstr "ipa_netgroup_member_ext_host (string)"
+
+#~ msgid "Default: externalHost"
+#~ msgstr "Padrão: externalHost"
+
+#~ msgid "ipa_netgroup_domain (string)"
+#~ msgstr "ipa_netgroup_domain (string)"
+
+#~ msgid "Default: nisDomainName"
+#~ msgstr "Padrão: nisDomainName"
+
+#~ msgid "ipa_host_object_class (string)"
+#~ msgstr "ipa_host_object_class (string)"
+
+#~ msgid "Default: ipaHost"
+#~ msgstr "Padrão: ipaHost"
+
+#~ msgid "ipa_host_fqdn (string)"
+#~ msgstr "ipa_host_fqdn (string)"
+
+#~ msgid "Default: fqdn"
+#~ msgstr "Padrão: fqdn"
+
#~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgstr "Padrão: FILE:%d/krb5cc_%U_XXXXXX"
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index ad06b9820..91b0c5853 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
@@ -26,7 +26,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Справка по SSSD"
@@ -59,13 +59,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "ОПИСАНИЕ"
@@ -78,7 +78,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -123,18 +123,19 @@ msgstr "sssd.CONF"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "Файл конфигурации SSSD"
@@ -192,75 +193,162 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "ОПЦИИ"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "По умолчанию: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "По умолчанию: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "службы"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "попыток_соединения (целое число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "По умолчанию: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "домены"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -270,19 +358,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -290,12 +378,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -303,58 +391,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -363,7 +451,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -371,52 +459,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -426,22 +514,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -452,12 +539,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -466,82 +553,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "По умолчанию: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "По умолчанию: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -551,17 +578,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -569,18 +596,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -589,41 +617,56 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "offline_timeout (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "По умолчанию: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -631,7 +674,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -641,7 +684,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -650,17 +693,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -668,17 +711,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "По умолчанию: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -687,251 +730,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "По умолчанию: 0 (неограничено)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -939,59 +982,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "По умолчанию: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "В настоящее время sssd поддерживает следующие значения:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "По умолчанию: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -999,7 +1042,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1008,17 +1051,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1026,63 +1069,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1090,51 +1133,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1146,7 +1189,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1157,24 +1200,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1182,12 +1225,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1196,24 +1239,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1222,47 +1265,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "По умолчанию: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1274,14 +1317,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1290,39 +1333,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1331,149 +1374,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1482,17 +1536,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1501,33 +1555,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1535,8 +1589,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1545,8 +1599,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1554,19 +1608,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1575,7 +1629,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1583,17 +1637,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1601,19 +1655,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1621,7 +1675,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1629,30 +1683,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1660,19 +1714,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1681,24 +1735,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1706,7 +1760,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1714,35 +1768,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1750,23 +1804,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1774,7 +1842,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1782,31 +1850,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1814,23 +1882,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1838,7 +1906,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1846,24 +1914,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1871,12 +1939,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1886,7 +1954,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1895,29 +1963,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1925,7 +1993,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1933,66 +2001,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "Поддерживаемые значения:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2000,62 +2068,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr "По умолчанию: использовать доменное имя из hostname"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2064,54 +2132,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2119,29 +2187,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2149,19 +2217,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2169,73 +2237,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "По умолчанию: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "По умолчанию: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2243,17 +2311,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "По умолчанию: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2262,17 +2330,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "По умолчанию: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2280,17 +2348,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "По умолчанию: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2298,18 +2366,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "ПРИМЕР"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2339,7 +2407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2352,6 +2420,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2380,8 +2453,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
@@ -2472,15 +2545,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2680,7 +2753,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2740,7 +2813,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2757,7 +2830,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2767,14 +2840,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "По умолчанию: modifyTimestamp"
@@ -3043,21 +3116,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3066,24 +3193,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3091,54 +3218,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3146,14 +3272,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3161,17 +3287,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3179,14 +3305,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3194,94 +3320,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3289,17 +3440,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3307,14 +3458,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3322,7 +3473,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3331,18 +3482,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3350,172 +3501,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3523,7 +3674,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3531,12 +3682,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3544,12 +3695,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3560,12 +3711,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3573,12 +3724,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3587,34 +3738,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3622,14 +3773,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3637,17 +3788,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3657,12 +3808,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3670,17 +3821,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3688,13 +3839,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3703,7 +3854,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3711,26 +3862,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3738,7 +3889,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3746,7 +3897,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3754,41 +3905,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3797,32 +3948,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3830,24 +3981,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3855,17 +4006,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3876,29 +4027,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3907,17 +4058,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3925,49 +4076,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3975,27 +4126,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4007,7 +4158,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4015,7 +4166,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4023,39 +4174,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4065,7 +4216,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4073,26 +4224,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4100,32 +4251,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4134,88 +4292,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4224,24 +4383,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4249,19 +4408,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4270,7 +4429,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4278,7 +4437,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4287,7 +4446,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4295,108 +4454,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4407,7 +4566,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4425,213 +4584,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4639,106 +4798,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4747,168 +4901,132 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: false"
+msgid "Default: auto.master"
+msgstr "По умолчанию: false"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4916,7 +5034,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4924,7 +5042,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4937,20 +5055,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4983,11 +5101,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -4995,34 +5113,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5030,56 +5148,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5087,7 +5217,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5099,7 +5229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5111,6 +5241,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5123,7 +5258,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5253,7 +5388,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5298,6 +5433,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5385,7 +5525,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5400,7 +5540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5415,12 +5555,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5441,12 +5581,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5471,7 +5611,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5488,12 +5628,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5501,12 +5641,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5525,19 +5665,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5567,101 +5707,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5669,12 +5800,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: try"
+msgstr "По умолчанию: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5682,17 +5860,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5700,12 +5878,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5714,342 +5892,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6057,7 +5963,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6069,7 +5975,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6077,7 +5983,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6091,6 +5997,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6138,7 +6049,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6157,44 +6068,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6204,12 +6124,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6217,19 +6137,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6239,8 +6159,167 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: Not set"
+msgstr "По умолчанию: root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: false"
+msgid "Default: permissive"
+msgstr "По умолчанию: false"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6251,29 +6330,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6281,7 +6360,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6296,7 +6375,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6305,7 +6384,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6313,7 +6392,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6378,20 +6457,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6407,20 +6507,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6431,7 +6531,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6440,7 +6540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6451,7 +6551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6462,7 +6562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6470,37 +6570,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6687,6 +6787,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6944,6 +7051,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7042,106 +7154,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7154,7 +7262,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7163,7 +7271,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7173,19 +7281,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "По умолчанию: 0 (неограничено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7193,7 +7301,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7204,36 +7312,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7241,91 +7349,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7333,81 +7441,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7421,7 +7502,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7430,7 +7511,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -7994,6 +8075,164 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "Default: homeDirectory"
+msgid "homeDirectory"
+msgstr "По умолчанию: homeDirectory"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "По умолчанию: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8175,7 +8414,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8325,13 +8564,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8340,7 +8621,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8348,7 +8629,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8357,7 +8638,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8365,7 +8646,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8378,13 +8659,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8392,7 +8673,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8400,24 +8681,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8427,24 +8708,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8454,30 +8735,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8485,36 +8790,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8523,6 +8828,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8541,104 +8917,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8714,13 +9104,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8728,37 +9119,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index 8c82aebd2..b5e3e4594 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.10.93\n"
+"Project-Id-Version: sssd-docs 1.11.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
#. type: Content of: <reference><title>
-#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5 sss_ssh_knownhostsproxy.1.xml:5
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr ""
@@ -46,7 +46,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr ""
@@ -58,7 +58,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:75 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -98,17 +98,17 @@ msgid "sssd.conf"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 sssd-ifp.5.xml:11
msgid "5"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16 sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
@@ -168,74 +168,152 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+msgid "GENERAL OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859 sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766 sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292 sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250 sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812 sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500 sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139 sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257 sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid "Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
"condition=\"with_ssh\">, ssh</phrase> <phrase "
-"condition=\"with_pac_responder\">, pac</phrase>"
+"condition=\"with_pac_responder\">, pac</phrase> <phrase "
+"condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -245,19 +323,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -265,12 +343,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -279,58 +357,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -339,7 +417,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -347,52 +425,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at "
"build-time. (__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -402,19 +480,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383 sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373 sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440 sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401 include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -425,12 +503,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -439,74 +517,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819 sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692 sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217 sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186 sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750 sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431 sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139 sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492 sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -516,17 +542,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -534,17 +560,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591 sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415 sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054 sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the "
"<quote>timeout</quote> option), it is first sent the SIGTERM signal that "
@@ -553,42 +579,55 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -596,7 +635,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -606,7 +645,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -615,17 +654,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -633,17 +672,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set "
@@ -652,249 +691,250 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid "The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in "
"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in "
"<quote>/etc/shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the "
"machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during "
-"lookup. This option supersedes any other shell options if it takes effect "
-"and can be set either in the [nss] section or per-domain."
+"lookup. This option can be specified globally in the [nss] section or "
+"per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -902,59 +942,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -962,7 +1002,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a "
@@ -972,17 +1012,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -990,7 +1030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be "
@@ -998,56 +1038,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting "
"<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1055,51 +1095,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1111,7 +1151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1122,24 +1162,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1147,12 +1187,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1161,24 +1201,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -1187,46 +1227,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250 sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303 sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1238,14 +1278,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1254,39 +1294,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1295,148 +1335,159 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066 sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119 sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1445,17 +1496,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1464,34 +1515,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1499,7 +1550,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397 sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1508,7 +1559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406 sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1516,19 +1567,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1537,7 +1588,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1545,17 +1596,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1563,19 +1614,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1583,7 +1634,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1591,29 +1642,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1621,19 +1672,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -1642,24 +1693,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -1668,7 +1719,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1676,34 +1727,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1711,22 +1762,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531 sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593 sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1734,7 +1799,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1743,31 +1808,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1776,22 +1841,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid "The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1799,7 +1864,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1807,24 +1872,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1833,12 +1898,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1848,7 +1913,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: "
"<quote>(((?P&lt;domain&gt;[^\\\\]+)\\\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?P&lt;name&gt;[^@\\\\]+)$))</quote> "
@@ -1856,29 +1921,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1886,7 +1951,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1894,66 +1959,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1961,61 +2026,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139 sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208 sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2024,52 +2089,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid "Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
@@ -2078,29 +2143,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2108,19 +2173,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2128,73 +2193,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2202,17 +2267,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2221,17 +2286,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2239,17 +2304,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2257,17 +2322,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131 sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131 sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2297,7 +2362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2310,6 +2375,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2339,7 +2409,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83 sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2430,15 +2500,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by "
"http://www.ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2638,7 +2708,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2698,7 +2768,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2715,7 +2785,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2725,14 +2795,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3002,21 +3072,76 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP "
+"schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>phone</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3025,24 +3150,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3050,52 +3175,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954 sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289 sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023 sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3103,14 +3228,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option "
"<emphasis>must</emphasis> include <quote>authorized_service</quote> in order "
@@ -3118,17 +3243,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3136,14 +3261,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option "
"<emphasis>must</emphasis> include <quote>host</quote> in order for the "
@@ -3151,94 +3276,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups "
"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
@@ -3246,17 +3396,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3264,14 +3414,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3279,7 +3429,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink "
@@ -3288,17 +3438,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212 sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281 sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3306,169 +3456,169 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid "The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3476,7 +3626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3484,12 +3634,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3497,12 +3647,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -3513,12 +3663,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3526,12 +3676,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3540,34 +3690,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single "
"request. Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3575,7 +3725,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use "
@@ -3583,7 +3733,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3591,17 +3741,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3611,12 +3761,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3624,17 +3774,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3642,12 +3792,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid "You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3656,7 +3806,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3664,26 +3814,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3691,7 +3841,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3699,7 +3849,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3707,41 +3857,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3750,32 +3900,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3783,24 +3933,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3808,17 +3958,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3829,29 +3979,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3861,17 +4011,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3879,49 +4029,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3929,27 +4079,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of "
@@ -3961,7 +4111,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3969,7 +4119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
"SSSD. While the legacy name is recognized for the time being, users are "
@@ -3978,39 +4128,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4020,7 +4170,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> "
"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
@@ -4029,26 +4179,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -4057,32 +4207,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4091,88 +4248,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4181,24 +4339,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4206,19 +4364,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4227,7 +4385,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -4235,7 +4393,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4244,7 +4402,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option "
"<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
@@ -4252,108 +4410,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4364,7 +4522,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4382,213 +4540,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
"</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4596,105 +4754,100 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194 sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269 sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
"<emphasis>false</emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4703,169 +4856,131 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
"type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" "
"id=\"2\"/> <placeholder type=\"variablelist\" id=\"3\"/> <placeholder "
-"type=\"variablelist\" id=\"4\"/>"
+"type=\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" "
+"id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = "
-"(loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4873,7 +4988,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4881,7 +4996,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4894,17 +5009,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767 sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535 include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560 sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469 sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4937,11 +5052,12 @@ msgid ""
"<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
"<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
"<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
-"<replaceable>retry=N</replaceable> </arg>"
+"<replaceable>retry=N</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -4949,34 +5065,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -4985,56 +5101,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be "
@@ -5043,7 +5171,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file "
"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
@@ -5056,7 +5184,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory "
"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
@@ -5068,6 +5196,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5080,7 +5213,7 @@ msgid ""
"Kerberos libraries. To simplify the configuration the Realm and the KDC can "
"be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry>"
msgstr ""
@@ -5210,7 +5343,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
@@ -5256,6 +5389,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5345,7 +5483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5360,7 +5498,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5375,12 +5513,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5401,12 +5539,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5431,7 +5569,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5449,12 +5587,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5462,12 +5600,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5486,19 +5624,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5528,100 +5666,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23 include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5629,12 +5759,57 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos "
+"pre-authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+msgid "Default: try"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5642,17 +5817,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5660,12 +5835,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5674,341 +5849,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid "The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6016,7 +5920,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of "
"sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6028,7 +5932,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -6036,7 +5940,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6050,6 +5954,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6099,7 +6008,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6118,44 +6027,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as "
+"case-insensitive in the AD provider for compatibility with Active "
+"Directory's LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6165,12 +6083,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6178,19 +6096,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6200,8 +6118,162 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the "
+"<quote>access_provider</quote> option must be explicitly set to "
+"<quote>ad</quote> in order for this option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or "
+"forest. This extended filter would consist of: "
+"<quote>KEYWORD:NAME:FILTER</quote>. The keyword can be either "
+"<quote>DOM</quote>, <quote>FOREST</quote> or missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then "
+"<quote>NAME</quote> specifies the domain or subdomain the filter applies "
+"to. If the keyword equals to <quote>FOREST</quote>, then the filter equals "
+"to all domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the "
+"per-domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid "disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+msgid "Default: permissive"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6212,22 +6284,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise "
"principal. See section 5 of RFC 6806 for more details about enterprise "
@@ -6235,7 +6307,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -6243,7 +6315,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6258,7 +6330,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6267,7 +6339,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6275,7 +6347,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6340,20 +6412,41 @@ msgid ""
"</citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> to your NIS domain name (which equals to IPA domain name "
+"when using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>. To speed up the LDAP lookups, you "
+"can also set search base for sudo rules using "
+"<emphasis>ldap_sudo_search_base</emphasis> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6369,20 +6462,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6393,7 +6486,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6402,7 +6495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the "
@@ -6413,7 +6506,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs "
@@ -6425,7 +6518,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this "
"machine. This means rules that contain one of the following values in "
@@ -6433,37 +6526,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6651,6 +6744,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6905,6 +7005,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7004,106 +7109,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7116,7 +7217,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is "
"<quote>KEYRING:persistent:%U</quote>, which uses the Linux kernel keyring to "
@@ -7125,7 +7226,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7135,17 +7236,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
msgid "Default: (from libkrb5)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7153,7 +7254,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7164,36 +7265,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7201,90 +7302,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid "Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7292,81 +7393,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos "
-"pre-authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7381,7 +7455,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7390,7 +7464,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -7953,6 +8027,161 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid "Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> and includes: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using "
+"<quote>+attr_name</quote> or explicitly remove an attribute using "
+"<quote>-attr_name</quote>. For example, to allow "
+"<quote>telephoneNumber</quote> but deny <quote>loginShell</quote>, you would "
+"use the following configuration: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8142,7 +8371,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8291,13 +8520,55 @@ msgid ""
"manually-assigned values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8306,7 +8577,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8314,7 +8585,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that "
@@ -8323,7 +8594,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8331,7 +8602,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8344,12 +8615,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8357,7 +8628,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8365,24 +8636,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8393,24 +8664,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8421,30 +8692,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8452,36 +8747,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8490,6 +8785,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8508,103 +8874,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal "
+"failures. Anything that would prevent SSSD from starting up or causes it to "
+"cease running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of "
+"2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid "<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
-msgid "<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+#: include/debug_levels.xml:48
+msgid ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of "
+"function-internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8690,46 +9071,49 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> "
-"<manvolnum>8</manvolnum> </citerefentry>, </phrase> <citerefentry> "
+"<manvolnum>8</manvolnum> </citerefentry>, </phrase> <phrase "
+"condition=\"with_ifp\"> <citerefentry> "
+"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry>, </phrase> <citerefentry> "
"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> "
"</citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:3 include/ldap_search_bases_experimental.xml:3
+#: include/ldap_search_bases.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
msgstr ""
#. type: Content of: <listitem><para><programlisting>
-#: include/ldap_search_bases.xml:9 include/ldap_search_bases_experimental.xml:9
+#: include/ldap_search_bases.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:7 include/ldap_search_bases_experimental.xml:7
+#: include/ldap_search_bases.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:13 include/ldap_search_bases_experimental.xml:13
+#: include/ldap_search_bases.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by "
-"http://www.ietf.org/rfc/rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of "
+"http://tools.ietf.org/html/rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19 include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the "
"<quote>ldap_search_base</quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27 include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index 706b52732..ced7259d5 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/"
@@ -25,7 +25,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr ""
@@ -58,13 +58,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "ШАРҲ"
@@ -77,7 +77,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -122,18 +122,19 @@ msgstr ""
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
@@ -191,75 +192,162 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "ИМКОНОТҲО"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Пешфарз: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Пешфарз: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Пешфарз: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Пешфарз: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -269,19 +357,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -289,12 +377,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -302,58 +390,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -362,7 +450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -370,52 +458,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -425,22 +513,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -451,12 +538,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -465,82 +552,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Пешфарз: true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Пешфарз: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Пешфарз: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -550,17 +577,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -568,18 +595,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -588,41 +616,54 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Пешфарз: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -630,7 +671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -640,7 +681,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -649,17 +690,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "Пешфарз: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -667,17 +708,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Пешфарз: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -686,251 +727,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "Пешфарз: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Пешфарз: 0 (Номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -938,59 +979,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Пешфарз: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Пешфарз: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -998,7 +1039,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1007,17 +1048,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1025,63 +1066,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Пешфарз: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1089,51 +1130,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1145,7 +1186,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1156,24 +1197,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1181,12 +1222,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1195,24 +1236,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1221,47 +1262,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Пешфарз: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1273,14 +1314,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1289,39 +1330,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1330,149 +1371,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Пешфарз: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1481,17 +1533,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Пешфарз: 0 (номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1500,33 +1552,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1534,8 +1586,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1544,8 +1596,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1553,19 +1605,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1574,7 +1626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1582,17 +1634,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1600,19 +1652,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1620,7 +1672,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1628,30 +1680,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1659,19 +1711,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1680,24 +1732,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1705,7 +1757,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1713,35 +1765,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1749,23 +1801,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1773,7 +1839,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1781,31 +1847,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1813,23 +1879,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1837,7 +1903,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1845,24 +1911,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1870,12 +1936,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1885,7 +1951,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1894,29 +1960,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1924,7 +1990,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1932,66 +1998,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1999,62 +2065,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Пешфарз: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2063,54 +2129,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2118,29 +2184,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2148,19 +2214,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2168,73 +2234,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Пешфарз: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2242,17 +2308,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2261,17 +2327,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2279,17 +2345,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2297,18 +2363,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "НАМУНА"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2338,7 +2404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2351,6 +2417,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2379,8 +2450,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2471,15 +2542,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "Намунаҳо:"
@@ -2679,7 +2750,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2739,7 +2810,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2756,7 +2827,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2766,14 +2837,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3042,21 +3113,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3065,24 +3190,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3090,54 +3215,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3145,14 +3269,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3160,17 +3284,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3178,14 +3302,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3193,94 +3317,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3288,17 +3437,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "Пешфарз: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3306,14 +3455,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3321,7 +3470,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3330,18 +3479,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3349,172 +3498,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3522,7 +3671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3530,12 +3679,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3543,12 +3692,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3559,12 +3708,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3572,12 +3721,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3586,34 +3735,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3621,14 +3770,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3636,17 +3785,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3656,12 +3805,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3669,17 +3818,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3687,13 +3836,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3702,7 +3851,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3710,26 +3859,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3737,7 +3886,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3745,7 +3894,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3753,41 +3902,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3796,32 +3945,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3829,24 +3978,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3854,17 +4003,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3875,29 +4024,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3906,17 +4055,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3924,49 +4073,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "Пешфарз: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3974,27 +4123,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4006,7 +4155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4014,7 +4163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4022,39 +4171,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4064,7 +4213,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4072,26 +4221,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4099,32 +4248,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4133,88 +4289,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Намуна:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4223,24 +4380,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4248,19 +4405,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4269,7 +4426,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4277,7 +4434,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4286,7 +4443,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4294,108 +4451,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4406,7 +4563,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4424,213 +4581,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4638,106 +4795,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4746,168 +4898,132 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: false"
+msgid "Default: auto.master"
+msgstr "Пешфарз: false"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4915,7 +5031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4923,7 +5039,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4936,20 +5052,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЭЗОҲҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4982,11 +5098,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -4994,34 +5110,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5029,56 +5145,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "ФАЙЛҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5086,7 +5214,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5098,7 +5226,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5110,6 +5238,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5122,7 +5255,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5252,7 +5385,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5297,6 +5430,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5384,7 +5522,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5399,7 +5537,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5414,12 +5552,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5440,12 +5578,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5470,7 +5608,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5487,12 +5625,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5500,12 +5638,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5524,19 +5662,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5566,101 +5704,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5668,12 +5797,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Пешфарз: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5681,17 +5857,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5699,12 +5875,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5713,342 +5889,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6056,7 +5960,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6068,7 +5972,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6076,7 +5980,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6090,6 +5994,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6137,7 +6046,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6156,44 +6065,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6203,12 +6121,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6216,19 +6134,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6238,8 +6156,167 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: Not set"
+msgstr "Пешфарз: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: permissive"
+msgstr "Пешфарз: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6250,29 +6327,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6280,7 +6357,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6295,7 +6372,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6304,7 +6381,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6312,7 +6389,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6377,20 +6454,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6406,20 +6504,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6430,7 +6528,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6439,7 +6537,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6450,7 +6548,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6461,7 +6559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6469,37 +6567,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6686,6 +6784,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6943,6 +7048,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7041,106 +7151,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "Номи логин"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7153,7 +7259,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7162,7 +7268,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7172,19 +7278,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "Пешфарз: 0 (Номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7192,7 +7298,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7203,36 +7309,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7240,91 +7346,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7332,81 +7438,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7420,7 +7499,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7429,7 +7508,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -7993,6 +8072,164 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "Номи логин"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "login name"
+msgid "loginShell"
+msgstr "Номи логин"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8174,7 +8411,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "Ҷӯрсозӣ"
@@ -8324,13 +8561,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8339,7 +8618,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8347,7 +8626,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8356,7 +8635,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8364,7 +8643,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8377,13 +8656,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8391,7 +8670,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8399,24 +8678,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8426,24 +8705,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8453,30 +8732,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8484,36 +8787,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8522,6 +8825,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8540,104 +8914,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8713,13 +9101,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8727,37 +9116,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 15b6fca58..571527f4a 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 13:30+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
@@ -28,7 +28,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "Сторінки підручника SSSD"
@@ -64,13 +64,13 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr "ОПИС"
@@ -85,7 +85,7 @@ msgstr ""
"внесених за допомогою командного рядка."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -139,18 +139,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr "Формати файлів та правила"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr "файл налаштування SSSD"
@@ -226,26 +227,116 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "ADVANCED OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr "debug_level (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr "Додати часову позначку до діагностичних повідомлень."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr "Типове значення: true"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr "debug_microseconds (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+"Додати значення мікросекунд до часової позначки у діагностичних повідомленнях"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr "Типове значення: false"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr "timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+"Проміжок у секундах між циклами роботи цієї служби. Використовується для "
+"перевірки працездатності процесу та його змоги відповідати на запити."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr "Типове значення: 10"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr "ОСОБЛИВІ РОЗДІЛИ"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr "Розділ [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr "Параметри розділу"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr "config_file_version (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -254,12 +345,12 @@ msgstr ""
"0.6.0 та пізніших слід використовувати версію 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -267,12 +358,18 @@ msgstr ""
"запуску sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
+#, fuzzy
+#| msgid ""
+#| "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+#| "phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+#| "condition=\"with_ssh\">, ssh</phrase> <phrase condition="
+#| "\"with_pac_responder\">, pac</phrase>"
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</"
"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
@@ -280,12 +377,12 @@ msgstr ""
"\">, pac</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -295,17 +392,17 @@ msgstr ""
"визнання подальших спроб безнадійними."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "Типове значення: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -321,12 +418,12 @@ msgstr ""
"ASCII, дефісів та знаків підкреслювання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr "re_expression (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -335,7 +432,7 @@ msgstr ""
"користувача і доменом на його частини."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -347,12 +444,12 @@ msgstr ""
"ДОМЕНІВ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr "full_name_format (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -364,32 +461,32 @@ msgstr ""
"домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr "ім’я користувача"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -398,7 +495,7 @@ msgstr ""
"Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -407,7 +504,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -416,12 +513,12 @@ msgstr ""
"про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr "try_inotify (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -434,7 +531,7 @@ msgstr ""
"виконуватиметься опитування resolv.conf кожні п’ять секунд."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -444,7 +541,7 @@ msgstr ""
"рідкісних випадках слід встановити для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -453,7 +550,7 @@ msgstr ""
"інших платформах."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -463,12 +560,12 @@ msgstr ""
"опитування файла."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -477,7 +574,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -487,7 +584,7 @@ msgstr ""
"для кешу відтворення."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -496,12 +593,12 @@ msgstr ""
"(__LIBKRB5_DEFAULTS__, якщо не вказано)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -517,7 +614,7 @@ msgstr ""
"лише імені користувача без додавання до нього назви домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
@@ -527,15 +624,14 @@ msgstr ""
"користувач@назва.домену, для входу до системи."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr "Типове значення: not set"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -551,12 +647,12 @@ msgstr ""
"профілів. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "РОЗДІЛИ СЛУЖБ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -569,85 +665,22 @@ msgstr ""
"у розділі <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "Загальні параметри налаштування служб"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr "debug_level (ціле число)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (булеве значення)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr "Додати часову позначку до діагностичних повідомлень."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr "Типове значення: true"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr "debug_microseconds (булеве значення)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-"Додати значення мікросекунд до часової позначки у діагностичних повідомленнях"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr "Типове значення: false"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr "timeout (ціле число)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-"Проміжок у секундах між циклами роботи цієї служби. Використовується для "
-"перевірки працездатності процесу та його змоги відповідати на запити."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr "Типове значення: 10"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -663,17 +696,17 @@ msgstr ""
"цього параметра і обмеженням \"hard\" у limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -685,18 +718,19 @@ msgstr ""
"вичерпання ресурсів системи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr "Типове значення: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr "force_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -711,13 +745,28 @@ msgstr ""
"quote> у секундах, монітор примусово завершить роботу служби надсиланням "
"сигналу SIGKILL."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+#, fuzzy
+#| msgid "force_timeout (integer)"
+msgid "offline_timeout (integer)"
+msgstr "force_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr "Параметри налаштування NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -725,12 +774,12 @@ msgstr ""
"Switch (NSS або перемикання служби визначення назв)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -739,17 +788,17 @@ msgstr ""
"кеші nss_sss у секундах"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr "Типове значення: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -760,7 +809,7 @@ msgstr ""
"entry_cache_timeout для домену період часу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -775,7 +824,7 @@ msgstr ""
"розблокування після оновлення кешу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -789,17 +838,17 @@ msgstr ""
"можливість."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr "Типове значення: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -810,17 +859,17 @@ msgstr ""
"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr "Типове значення: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -834,17 +883,17 @@ msgstr ""
"списку користувачами лише з певного домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr "Типове значення: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -852,12 +901,12 @@ msgstr ""
"встановіть для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -866,7 +915,7 @@ msgstr ""
"каталог не вказано явним чином засобом надання даних домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -874,55 +923,67 @@ msgstr ""
"для параметра override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
-#, no-wrap
+#: sssd.conf.5.xml:531
+#, fuzzy, no-wrap
+#| msgid ""
+#| "override_homedir = /home/%u\n"
+#| " "
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
"override_homedir = /home/%u\n"
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Типове значення: не встановлено (без замін для невстановлених домашніх "
"каталогів)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr "override_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
-"Перевизначити оболонку реєстрації для всіх користувачів. Цей параметр можна "
-"вказати на загальному рівні у розділі [nss] або для кожного з доменів окремо."
+"Типова командна оболонка, яку слід використовувати, якщо засобом надання "
+"даних не повернуто даних оболонки під час пошуку. Якщо буде використано цей "
+"параметр, він матиме пріоритет над будь-якими іншими параметрами визначення "
+"командної оболонки. Його можна визначити або у розділі [nss] або для "
+"окремого домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
"Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
"від LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr "allowed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -930,13 +991,13 @@ msgstr ""
"визначення оболонки є таким:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -946,7 +1007,7 @@ msgstr ""
"shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -955,12 +1016,12 @@ msgstr ""
"<quote>/etc/shells</quote>, буде використано оболонку nologin."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr "Порожній рядок оболонки буде передано без обробки до libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -969,29 +1030,29 @@ msgstr ""
"тобто у разі встановлення нової оболонки слід перезапустити SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Типове значення: не встановлено. Автоматично використовується оболонка "
"користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Замінити всі записи цих оболонок на shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr "shell_fallback (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -999,21 +1060,25 @@ msgstr ""
"системі не встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr "Типове значення: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
+#, fuzzy
+#| msgid ""
+#| "The default shell to use if the provider does not return one during "
+#| "lookup. This option supersedes any other shell options if it takes effect "
+#| "and can be set either in the [nss] section or per-domain."
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
"Типова командна оболонка, яку слід використовувати, якщо засобом надання "
"даних не повернуто даних оболонки під час пошуку. Якщо буде використано цей "
@@ -1022,7 +1087,7 @@ msgstr ""
"окремого домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1032,12 +1097,12 @@ msgstr ""
"зазвичай /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1046,12 +1111,12 @@ msgstr ""
"чинним."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
@@ -1060,17 +1125,17 @@ msgstr ""
"чинним."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr "Типове значення: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr "Параметри налаштування PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1079,12 +1144,12 @@ msgstr ""
"Authentication Module (PAM або блокового модуля розпізнавання)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1094,17 +1159,17 @@ msgstr ""
"входу до системи)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1113,12 +1178,12 @@ msgstr ""
"дозволену кількість спроб входу з визначенням помилкового пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1128,7 +1193,7 @@ msgstr ""
"системи."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1140,17 +1205,17 @@ msgstr ""
"увімкнути можливість автономного розпізнавання."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr "Типове значення: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1159,43 +1224,43 @@ msgstr ""
"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr "У поточній версії sssd передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr "Типове значення: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1206,7 +1271,7 @@ msgstr ""
"що розпізнавання виконується на основі найсвіжіших даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1220,18 +1285,18 @@ msgstr ""
"надання даних профілів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
"Показати попередження за вказану кількість днів перед завершенням дії пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1242,7 +1307,7 @@ msgstr ""
"попередження."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1252,7 +1317,7 @@ msgstr ""
"буде автоматично показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1261,27 +1326,27 @@ msgstr ""
"<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr "Типове значення: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr "Параметри налаштування SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr "Цими параметрами можна скористатися для налаштування служби sudo."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr "sudo_timed (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1290,22 +1355,22 @@ msgstr ""
"призначені для визначення часових обмежень для записів sudoers."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr "Параметри налаштування AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1316,22 +1381,22 @@ msgstr ""
"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr "Параметри налаштувань SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr "Цими параметрами можна скористатися для налаштування служби SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1339,12 +1404,12 @@ msgstr ""
"Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1353,17 +1418,17 @@ msgstr ""
"файлі known_hosts після надсилання запиту щодо ключів вузла."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr "Типове значення: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr "Параметри налаштування відповідача PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1382,7 +1447,7 @@ msgstr ""
"декодовано і визначено, виконуються деякі з таких дій:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1400,7 +1465,7 @@ msgstr ""
"параметра default_shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1409,18 +1474,18 @@ msgstr ""
"додано до цих груп."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Цими параметрами можна скористатися для налаштовування відповідача PAC."
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1431,14 +1496,14 @@ msgstr ""
"іменами користувачів визначатимуться під час запуску."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
"користувач (root))"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1452,17 +1517,17 @@ msgstr ""
"запис 0."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr "РОЗДІЛИ ДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1471,7 +1536,7 @@ msgstr ""
"відповідає цим обмеженням, його буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1484,7 +1549,7 @@ msgstr ""
"основної групи і належать діапазону, буде виведено у звичайному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1493,17 +1558,17 @@ msgstr ""
"лише повернення записів за назвою або ідентифікатором."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr "enumerate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1512,23 +1577,23 @@ msgstr ""
"значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = користувачі і групи нумеруються"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = не використовувати нумерацію для цього домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr "Типове значення: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1547,7 +1612,7 @@ msgstr ""
"повторне визначення параметрів участі також іноді є складним завданням."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1557,7 +1622,7 @@ msgstr ""
"завершено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1571,7 +1636,7 @@ msgstr ""
"відповідного використаного засобу обробки ідентифікаторів (id_provider)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1580,34 +1645,34 @@ msgstr ""
"об’ємних середовищах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
#, fuzzy
#| msgid "subdomain_homedir (string)"
msgid "subdomain_enumerate (string)"
msgstr "subdomain_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1616,17 +1681,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr "Типове значення: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1635,17 +1700,28 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr "Типове значення: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1654,18 +1730,18 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr "Типове значення: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1674,12 +1750,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1688,12 +1764,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1702,12 +1778,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -1716,12 +1792,12 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -1730,12 +1806,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
@@ -1745,42 +1821,42 @@ msgstr ""
"застарілих записів мережевих груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr "Типове значення: 0 (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr "cache_credentials (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
"кеші LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
"форматі звичайного тексту"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1793,17 +1869,17 @@ msgstr ""
"offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1816,17 +1892,17 @@ msgstr ""
"даних розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr "id_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -1834,17 +1910,17 @@ msgstr ""
"Серед підтримуваних засобів такі:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "«proxy»: підтримка застарілого модуля надання даних NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1855,8 +1931,8 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1869,8 +1945,8 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1882,12 +1958,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -1897,7 +1973,7 @@ msgstr ""
"NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1910,7 +1986,7 @@ msgstr ""
"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1918,17 +1994,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr "Не повертати записи учасників груп для пошуків груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1939,12 +2015,12 @@ msgstr ""
"обробки запитів щодо пошуку груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr "auth_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1953,7 +2029,7 @@ msgstr ""
"служб розпізнавання:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1965,7 +2041,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1977,18 +2053,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1997,12 +2073,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr "access_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2013,7 +2089,7 @@ msgstr ""
"Вбудованими програмами є:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2022,12 +2098,12 @@ msgstr ""
"доступу для локального домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> — завжди забороняти доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2040,17 +2116,17 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr "Типове значення: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr "chpass_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2059,7 +2135,7 @@ msgstr ""
"підтримку таких систем зміни паролів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2071,7 +2147,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2083,18 +2159,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2103,19 +2179,19 @@ msgstr ""
"цього параметра і якщо система здатна обробляти запити щодо паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr "sudo_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
"SUDO:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2127,25 +2203,39 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> явним чином вимикає SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Типове значення: використовується значення <quote>id_provider</quote>, якщо "
"його встановлено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr "selinux_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2156,7 +2246,7 @@ msgstr ""
"доступу. Передбачено підтримку таких засобів надання даних SELinux:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2168,14 +2258,14 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
"SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2184,12 +2274,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2199,7 +2289,7 @@ msgstr ""
"підтримку таких засобів надання даних піддоменів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2211,17 +2301,17 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr "autofs_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2229,7 +2319,7 @@ msgstr ""
"autofs:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2241,7 +2331,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2253,17 +2343,17 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> вимикає autofs повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr "hostid_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2272,7 +2362,7 @@ msgstr ""
"вузла. Серед підтримуваних засобів надання hostid:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2284,12 +2374,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> вимикає hostid повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2303,7 +2393,7 @@ msgstr ""
"IPA та доменів Active Directory, простій назві (NetBIOS) домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2316,22 +2406,22 @@ msgstr ""
"різні стилі запису імен користувачів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr "користувач"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr "користувач@назва.домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr "домен\\користувач"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2340,7 +2430,7 @@ msgstr ""
"того, щоб полегшити інтеграцію користувачів з доменів Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2351,7 +2441,7 @@ msgstr ""
"домену — все після цього символу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2363,7 +2453,7 @@ msgstr ""
"платформах з версією libpcre 7."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2373,17 +2463,17 @@ msgstr ""
"підшаблонів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2392,48 +2482,48 @@ msgstr ""
"під час виконання пошуків у DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr "Передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
"спробувати формат IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
"спробувати формат IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr "Типове значення: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2444,18 +2534,18 @@ msgstr ""
"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr "Типове значення: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2464,28 +2554,28 @@ msgstr ""
"частину запиту визначення служб DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr "override_gid (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr "Замірити значення основного GID на вказане."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -2494,17 +2584,17 @@ msgstr ""
"версії підтримку передбачено лише для локальних надавачів даних."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr "Типове значення: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr "proxy_fast_alias (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2519,28 +2609,35 @@ msgstr ""
"у кеші, щоб пришвидшити надання результатів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr "спрощена (NetBIOS) назва піддомену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
-msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+#: sssd.conf.5.xml:1821
+#, fuzzy
+#| msgid ""
+#| "Use this homedir as default value for all subdomains within this domain. "
+#| "See <emphasis>override_homedir</emphasis> for info about possible values. "
+#| "In addition to those, the expansion below can only be used with "
+#| "<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist"
+#| "\" id=\"0\"/>"
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
"Використовувати вказаний домашній каталог як типовий для всіх піддоменів у "
"цьому домені. Дані щодо можливих значень наведено у описі параметра "
@@ -2549,7 +2646,7 @@ msgstr ""
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -2557,17 +2654,17 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Типове значення: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr "realmd_tags (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -2575,7 +2672,7 @@ msgstr ""
"домену."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2586,17 +2683,17 @@ msgstr ""
"quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2605,12 +2702,12 @@ msgstr ""
"налаштуваннями pam або створити нові і тут додати назву служби."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2621,7 +2718,7 @@ msgstr ""
"наприклад _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2630,12 +2727,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr "Розділ локального домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2646,29 +2743,29 @@ msgstr ""
"використовує <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
"інструментів простору користувачів SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2677,17 +2774,17 @@ msgstr ""
"replaceable> і використовують отриману адресу як адресу домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2696,17 +2793,17 @@ msgstr ""
"Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2715,12 +2812,12 @@ msgstr ""
"користувачів. Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2731,17 +2828,17 @@ msgstr ""
"до щойно створеного домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr "Типове значення: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2754,17 +2851,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2775,17 +2872,17 @@ msgstr ""
"каталог не вказано, буде використано типове значення."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2796,18 +2893,18 @@ msgstr ""
"вилучається. Код виконання, повернутий програмою не обробляється."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2861,7 +2958,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2877,6 +2974,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr "sssd-ldap"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2920,8 +3022,8 @@ msgstr ""
"більше про використання LDAP, як засобу керування доступом."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ"
@@ -3030,8 +3132,8 @@ msgstr ""
"Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий "
"рівень) або «subtree» (піддерево)."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
@@ -3040,7 +3142,7 @@ msgstr ""
"специфікації http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr "Приклади:"
@@ -3268,7 +3370,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr "Типове значення: gidNumber"
@@ -3329,7 +3431,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr "Типове значення: nsUniqueId"
@@ -3348,7 +3450,7 @@ msgstr ""
"потрібен лише для серверів ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
"Типове значення: objectSid для ActiveDirectory, не встановлено для інших "
@@ -3360,7 +3462,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3369,7 +3471,7 @@ msgstr ""
"об’єкта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr "Типове значення: modifyTimestamp"
@@ -3684,21 +3786,77 @@ msgstr "Типове значення: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
+#, fuzzy
+#| msgid "ldap_user_search_base (string)"
+msgid "ldap_user_extra_attrs (string)"
+msgstr "ldap_user_search_base (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:623
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3712,12 +3870,12 @@ msgstr ""
"області у верхньому регістрі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -3726,12 +3884,12 @@ msgstr ""
"свого кешу нумерованих записів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3742,55 +3900,54 @@ msgstr ""
"цих записів з метою економії місця."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Встановлення нульового значення цього параметра вимкне дію з очищення кешу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr "Типове значення: 10800 (12 годин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "Атрибут LDAP, що відповідає повному імені користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr "Типове значення: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr "Типове значення: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3801,7 +3958,7 @@ msgstr ""
"LDAP для визначення прав доступу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3810,7 +3967,7 @@ msgstr ""
"(svc) і нарешті загальні дозволи або allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3821,17 +3978,17 @@ msgstr ""
"система змогла скористатися параметром ldap_user_authorized_service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr "Типове значення: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3842,7 +3999,7 @@ msgstr ""
"доступу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3851,7 +4008,7 @@ msgstr ""
"(host) і нарешті загальні дозволи або allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3862,77 +4019,77 @@ msgstr ""
"скористатися параметром ldap_user_authorized_host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr "Типове значення: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr "Клас об’єктів запису групи у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr "Типове значення: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr "Атрибут LDAP, що відповідає назві групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "Атрибут LDAP, у якому містяться імена учасників групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr "ldap_group_objectsid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
@@ -3941,17 +4098,46 @@ msgstr ""
"лише для серверів ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+#, fuzzy
+#| msgid "ldap_opt_timeout (integer)"
+msgid "ldap_group_type (integer)"
+msgstr "ldap_opt_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+#, fuzzy
+#| msgid "The LDAP attribute that contains the names of the group's members."
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr "Атрибут LDAP, у якому містяться імена учасників групи."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3963,17 +4149,17 @@ msgstr ""
"параметра буде проігноровано, якщо використано схему RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr "Типове значення: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3985,7 +4171,7 @@ msgstr ""
"високим рівнем вкладеності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -3994,7 +4180,7 @@ msgstr ""
"можна буде спостерігати лише у дуже складних випадках вкладеності груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4005,7 +4191,7 @@ msgstr ""
"можливості. Отже, насправді значення «True» означає «визначити автоматично»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4018,18 +4204,18 @@ msgstr ""
"windows/desktop/aa746475%28v=vs.85%29.aspx\">документації MSDN(TM)</ulink>."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr "Типове значення: False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4042,126 +4228,126 @@ msgstr ""
"вкладеності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr "Типове значення: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr "Типове значення: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr "Типове значення: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_uuid."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr "Клас об’єктів запису служби у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr "Типове значення: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4169,48 +4355,48 @@ msgstr ""
"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr "Типове значення: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr "Типове значення: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4221,7 +4407,7 @@ msgstr ""
"автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4232,12 +4418,12 @@ msgstr ""
"окремих типів пошуків."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4248,12 +4434,12 @@ msgstr ""
"кешованих даних (і переходом до автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4270,12 +4456,12 @@ msgstr ""
"citerefentry> повертається до стану бездіяльності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4287,12 +4473,12 @@ msgstr ""
"випадку прив’язки SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4306,17 +4492,17 @@ msgstr ""
"дії TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr "Типове значення: 900 (15 хвилин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4326,17 +4512,17 @@ msgstr ""
"один запит."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr "Типове значення: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4347,7 +4533,7 @@ msgstr ""
"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4357,7 +4543,7 @@ msgstr ""
"підтримкою не можна скористатися."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4368,17 +4554,17 @@ msgstr ""
"це може призвести до відмови у виконанні запитів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr "Вимкнути отримання діапазону Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4394,12 +4580,12 @@ msgstr ""
"буде представлено як такі, у яких немає учасників."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4410,19 +4596,19 @@ msgstr ""
"параметра визначається OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Типове значення: типове для системи значення (зазвичай, визначається у ldap."
"conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4434,7 +4620,7 @@ msgstr ""
"виконуватиметься окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -4442,7 +4628,7 @@ msgstr ""
"(розіменуванням), якщо вкажете значення 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4455,7 +4641,7 @@ msgstr ""
"OpenLDAP та Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4466,12 +4652,12 @@ msgstr ""
"незалежно від використання цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4481,7 +4667,7 @@ msgstr ""
"таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4490,7 +4676,7 @@ msgstr ""
"жодних сертифікатів сервера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4502,7 +4688,7 @@ msgstr ""
"режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4513,7 +4699,7 @@ msgstr ""
"надано помилковий сертифікат, негайно перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4524,22 +4710,22 @@ msgstr ""
"перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr "Типове значення: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4548,7 +4734,7 @@ msgstr ""
"розпізнаються <command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4557,12 +4743,12 @@ msgstr ""
"у <filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4575,32 +4761,32 @@ msgstr ""
"<command>cacertdir_rehash</command>, якщо ця програма є доступною."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr "Визначає файл, у якому міститься ключ клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4612,12 +4798,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4626,12 +4812,12 @@ msgstr ""
"class=\"protocol\">tls</systemitem> для захисту каналу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4643,19 +4829,19 @@ msgstr ""
"ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"У поточній версії у цій можливості передбачено підтримку лише встановлення "
"відповідності objectSID у ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4675,18 +4861,18 @@ msgstr ""
"ідентифікаторів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
"Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4695,12 +4881,12 @@ msgstr ""
"перевірено і підтримується лише механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4715,17 +4901,17 @@ msgstr ""
"myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4737,17 +4923,17 @@ msgstr ""
"проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr "Типове значення: значення krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -4757,34 +4943,34 @@ msgstr ""
"SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr "Типове значення: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4795,27 +4981,27 @@ msgstr ""
"механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4834,7 +5020,7 @@ msgstr ""
"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4846,7 +5032,7 @@ msgstr ""
"вдасться знайти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4857,29 +5043,29 @@ msgstr ""
"варто перейти на використання «krb5_server» у файлах налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -4889,12 +5075,12 @@ msgstr ""
"версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4909,7 +5095,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4920,12 +5106,12 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -4934,7 +5120,7 @@ msgstr ""
"використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -4943,7 +5129,7 @@ msgstr ""
"разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4954,7 +5140,7 @@ msgstr ""
"manvolnum></citerefentry> для визначення того, чи чинним є пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4964,19 +5150,26 @@ msgstr ""
"для визначення завершення строку дії пароля. У разі зміни пароля "
"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -4985,7 +5178,7 @@ msgstr ""
"з версією OpenLDAP 2.4.13 або новішою версією."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4999,28 +5192,28 @@ msgstr ""
"«false» може значно пришвидшити роботу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Визначає назву служби, яку буде використано у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr "Типове значення: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5029,17 +5222,17 @@ msgstr ""
"уможливлює зміну паролів, у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5048,19 +5241,28 @@ msgstr ""
"щодо кількості днів з часу виконання дії зі зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
+#, fuzzy
+#| msgid ""
+#| "If using access_provider = ldap and ldap_access_order = filter (default), "
+#| "this option is mandatory. It specifies an LDAP search filter criteria "
+#| "that must be met for the user to be granted access on this host. If "
+#| "access_provider = ldap, ldap_access_order = filter and this option is not "
+#| "set, it will result in all users being denied access. Use "
+#| "access_provider = permit to change this default behavior."
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
"Якщо використовується access_provider = ldap та ldap_access_order = filter "
"(типова поведінка), цей параметр є обов’язковим. Він вказує критерії "
@@ -5071,16 +5273,20 @@ msgstr ""
"скористайтеся параметром access_provider = permit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr "Приклад:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
-#, no-wrap
+#: sssd-ldap.5.xml:1833
+#, fuzzy, no-wrap
+#| msgid ""
+#| "access_provider = ldap\n"
+#| "ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+#| " "
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
"access_provider = ldap\n"
@@ -5088,15 +5294,19 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
+#, fuzzy
+#| msgid ""
+#| "This example means that access to this host is restricted to members of "
+#| "the \"allowedusers\" group in ldap."
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
"У прикладі доступ до вузла обмежено учасниками групи «allowedusers» у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5110,17 +5320,17 @@ msgstr ""
"таких прав не було надано, у автономному режимі їх також не буде надано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr "Типове значення: порожній рядок"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5129,7 +5339,7 @@ msgstr ""
"керування доступом на боці клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5140,12 +5350,12 @@ msgstr ""
"з відповідним кодом помилки, навіть якщо вказано правильний пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr "Можна використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5154,7 +5364,7 @@ msgstr ""
"визначити, чи завершено строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5167,7 +5377,7 @@ msgstr ""
"Також буде перевірено, чи не вичерпано строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5178,7 +5388,7 @@ msgstr ""
"ldap_ns_account_lock."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5191,7 +5401,7 @@ msgstr ""
"атрибутів, надати доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5202,30 +5412,30 @@ msgstr ""
"користуватися параметром ldap_account_expire_policy."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Список відокремлених комами параметрів керування доступом. Можливі значення "
"списку:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5234,19 +5444,19 @@ msgstr ""
"можливості доступу атрибут authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
"права доступу"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr "Типове значення: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5255,12 +5465,12 @@ msgstr ""
"використано декілька разів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr "ldap_deref (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5269,13 +5479,13 @@ msgstr ""
"пошуку. Можливі такі варіанти:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5285,7 +5495,7 @@ msgstr ""
"пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5294,7 +5504,7 @@ msgstr ""
"під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5303,7 +5513,7 @@ msgstr ""
"час пошуку, так і під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5312,12 +5522,12 @@ msgstr ""
"сценарієм <emphasis>never</emphasis>)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -5326,7 +5536,7 @@ msgstr ""
"серверів, у яких використовується схема RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5344,7 +5554,7 @@ msgstr ""
"користувачів за допомогою виклику getpw*() або initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5371,57 +5581,57 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr "Клас об’єктів запису правила sudo у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr "Типове значення: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "Атрибут LDAP, що відповідає назві правила sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr "Атрибут LDAP, що відповідає назві команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr "Типове значення: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5430,17 +5640,17 @@ msgstr ""
"вузла, мережевій групі вузла)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr "Типове значення: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5449,32 +5659,32 @@ msgstr ""
"або назві мережевої групи користувача)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr "Типове значення: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "Атрибут LDAP, що відповідає параметрам sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr "Типове значення: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -5483,17 +5693,17 @@ msgstr ""
"команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr "Типове значення: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5502,17 +5712,17 @@ msgstr ""
"виконувати команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr "Типове значення: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -5520,49 +5730,49 @@ msgstr ""
"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr "Типове значення: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr "Типове значення: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "Атрибут LDAP, що відповідає порядковому номеру правила."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr "Типове значення: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -5572,7 +5782,7 @@ msgstr ""
"набір правил, що зберігаються на сервері."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5581,17 +5791,17 @@ msgstr ""
"<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr "Типове значення: 21600 (6 годин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5602,7 +5812,7 @@ msgstr ""
"правил, USN яких перевищує найбільше значення USN у кешованих правилах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -5611,12 +5821,12 @@ msgstr ""
"дані атрибута modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -5626,12 +5836,12 @@ msgstr ""
"назв вузлів)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5640,7 +5850,7 @@ msgstr ""
"фільтрування списку правил."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -5649,8 +5859,8 @@ msgstr ""
"назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5659,17 +5869,17 @@ msgstr ""
"<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr "Типове значення: не вказано"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5678,7 +5888,7 @@ msgstr ""
"правил."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5687,12 +5897,12 @@ msgstr ""
"адресу у автоматичному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -5701,12 +5911,12 @@ msgstr ""
"мережеву групу (netgroup) у атрибуті sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -5715,12 +5925,7 @@ msgstr ""
"заміни у атрибуті sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5733,12 +5938,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr "ПАРАМЕТРИ AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
@@ -5747,47 +5952,68 @@ msgstr ""
"визначено у RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+#, fuzzy
+#| msgid "ldap_autofs_map_name (string)"
+msgid "ldap_autofs_map_master_name (string)"
+msgstr "ldap_autofs_map_name (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+#, fuzzy
+#| msgid "The name of an automount map entry in LDAP."
+msgid "The name of the automount master map in LDAP."
+msgstr "Назва запису карти автоматичного монтування у LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: sudoUser"
+msgid "Default: auto.master"
+msgstr "Типове значення: sudoUser"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr "Назва запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr "Типове значення: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -5796,22 +6022,28 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr "Типове значення: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
+#, fuzzy
+#| msgid ""
+#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+#| "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+#| "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+#| "\"variablelist\" id=\"4\"/>"
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5819,102 +6051,37 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr "ldap_user_search_filter (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-"За допомогою цього параметра можна визначити додатковий критерій "
-"фільтрування LDAP, яким буде обмежено пошук користувачів."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-"Цей параметр вважається <emphasis>застарілим</emphasis>. Варто "
-"використовувати синтаксичні конструкції з ldap_user_search_base."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-"За допомогою цього фільтра можна обмежити пошук користувачів, лише тими, для "
-"яких встановлено командну оболонку /bin/tcsh."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr "ldap_group_search_filter (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-"За допомогою цього параметра можна визначити додатковий критерій "
-"фільтрування LDAP, яким буде обмежено пошук груп."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-"Цей параметр вважається <emphasis>застарілим</emphasis>. Варто "
-"використовувати синтаксичні конструкції з ldap_group_search_base."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5925,7 +6092,7 @@ msgstr ""
"відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5936,7 +6103,7 @@ msgstr ""
"<replaceable>[domains]</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -5956,20 +6123,20 @@ msgstr ""
" cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6002,13 +6169,21 @@ msgstr "модуль PAM для SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <arg choice='opt'> "
"<replaceable>quiet</replaceable> </arg> <replaceable>forward_pass</"
@@ -6018,7 +6193,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6029,22 +6204,22 @@ msgstr ""
"<command>syslog(3)</command> до запису LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr "Не показувати у журналі повідомлень для невідомих користувачів."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6053,12 +6228,12 @@ msgstr ""
"буде збережено у стосі паролів для використання іншими модулями PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6070,12 +6245,12 @@ msgstr ""
"непридатним, доступ користувачеві буде заборонено."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6085,12 +6260,12 @@ msgstr ""
"стосу модулів."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6099,7 +6274,7 @@ msgstr ""
"раз розпізнавання зазнає невдачі. Типовим значенням є 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6110,13 +6285,27 @@ msgstr ""
"взаємодії з користувачем. Типовим прикладом є <command>sshd</command> з "
"<option>PasswordAuthentication</option>."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>ignore_unknown_user</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr "ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6125,12 +6314,12 @@ msgstr ""
"option>, <option>password</option> і <option>session</option>)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr "ФАЙЛИ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6142,7 +6331,7 @@ msgstr ""
"повідомленні, наприклад, можуть міститися настанови щодо скидання пароля."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6162,7 +6351,7 @@ msgstr ""
"іншим користувачам може бути надано лише право читання файлів."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6177,8 +6366,28 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+#, fuzzy
+#| msgid "sssd_krb5_locator_plugin"
+msgid "Kerberos locator plugin"
+msgstr "sssd_krb5_locator_plugin"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
+#, fuzzy
+#| msgid ""
+#| "The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> "
+#| "is used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the "
+#| "Kerberos libraries what Realm and which KDC to use. Typically this is "
+#| "done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+#| "Kerberos libraries. To simplify the configuration the Realm and the KDC "
+#| "can be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+#| "<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>"
msgid ""
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
@@ -6189,7 +6398,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
"Додаток пошуку Kerberos <command>sssd_krb5_locator_plugin</command> "
@@ -6368,7 +6577,7 @@ msgstr ""
"обробляються."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6429,6 +6638,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr "sssd-ipa"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -6554,7 +6768,7 @@ msgstr ""
"цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (булеве значення)"
@@ -6574,7 +6788,7 @@ msgstr ""
"допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6595,12 +6809,12 @@ msgstr ""
"назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6627,12 +6841,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Типове значення: 1200 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -6663,7 +6877,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr "Вмикає сайти DNS — визначення служб на основі адрес."
@@ -6688,12 +6902,12 @@ msgstr ""
"вважатимуться резервними серверами."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6705,12 +6919,12 @@ msgstr ""
"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6734,12 +6948,12 @@ msgid "Default: False (disabled)"
msgstr "Типове значення: False (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -6748,7 +6962,7 @@ msgstr ""
"даними з сервером DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
@@ -6781,7 +6995,7 @@ msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -6789,76 +7003,64 @@ msgstr ""
"Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про "
"налаштування декількох основ пошуку."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-"Якщо вказано фільтрування за довільною базою пошуку і встановлено значення "
-"False для <emphasis>ipa_hbac_support_srchost</emphasis>, фільтр буде "
-"проігноровано."
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку карт "
"користувачів SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
"Необов’язковий. Використати вказаний рядок як основу пошуку основного "
"об’єкта домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
"Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -6866,7 +7068,7 @@ msgstr ""
"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6875,7 +7077,7 @@ msgstr ""
"модуля Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -6884,7 +7086,7 @@ msgstr ""
"«ipa_domain»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -6893,7 +7095,7 @@ msgstr ""
"перетворено у основний DN для виконання дій LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -6904,12 +7106,76 @@ msgstr ""
"запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr "krb5_use_fast (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+"Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible "
+"authentication secure tunneling або FAST) для попереднього розпізнавання у "
+"Kerberos. Передбачено такі варіанти:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:405
+#, fuzzy
+#| msgid "<emphasis>h</emphasis> for hours"
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr "<emphasis>h</emphasis> — години"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+#, fuzzy
+#| msgid ""
+#| "<emphasis>try</emphasis> to use FAST. If the server does not support "
+#| "FAST, continue the authentication without it."
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+"<emphasis>try</emphasis> — використовувати FAST. Якщо на сервері не "
+"передбачено підтримки FAST, продовжити розпізнавання без FAST."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+"<emphasis>demand</emphasis> — використовувати FAST. Якщо на сервері не "
+"передбачено підтримки FAST, спроба розпізнавання зазнає невдачі."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: try"
+msgstr "Типове значення: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+"Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT "
+"Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою "
+"версією MIT Kerberos і цим параметром, буде повідомлено про помилку у "
+"налаштуваннях."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:405
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -6920,17 +7186,17 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr "Типове значення: 5 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -6942,12 +7208,12 @@ msgstr ""
"користувача до системи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -6961,7 +7227,7 @@ msgstr ""
"періоду передбачено два режими обробки таких правил:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -6970,7 +7236,7 @@ msgstr ""
"DENY, всім користувачам доступ буде заборонено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -6980,48 +7246,24 @@ msgstr ""
"небажаним користувачам."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr "Типове значення: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr "ipa_hbac_support_srchost (булеве значення)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-"Якщо встановлено значення «false», значення srchost, вказане SSSD на основі "
-"даних PAM, буде проігноровано."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-"Зауважте, що якщо встановлено значення <emphasis>False</emphasis>, фільтри, "
-"вказані за допомогою параметра <emphasis>ipa_host_search_base</emphasis>, "
-"буде проігноровано;"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr "ipa_server_mode (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
#, fuzzy
#| msgid "This options should only be set by the IPA installer."
msgid "This option should only be set by the IPA installer."
msgstr "Цей параметр має встановлюватися лише засобом встановлення IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
@@ -7030,296 +7272,28 @@ msgstr ""
"і має виконувати пошуки користувачів і груп з довірених доменів окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
"Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr "Типове значення: адреса з назвою \"default\""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr "ipa_netgroup_member_of (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr "Атрибут LDAP зі списком учасників мережевої групи."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr "ipa_netgroup_member_user (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-"Атрибут LDAP зі списком користувачів та груп системи, які є безпосередніми "
-"учасниками мережевої групи."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr "Типове значення: memberUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr "ipa_netgroup_member_host (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-"Атрибут LDAP зі списком вузлів та груп вузлів, які є безпосередніми "
-"учасниками мережевої групи."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr "Типове значення: memberHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr "ipa_netgroup_member_ext_host (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-"Атрибут LDAP зі списком FQDN вузлів та груп вузлів, які є учасниками "
-"мережевої групи."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr "Типове значення: externalHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr "ipa_netgroup_domain (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-"Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи (netgroup)."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr "Типове значення: nisDomainName"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr "ipa_host_object_class (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr "Клас об’єктів запису вузла у LDAP."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr "Типове значення: ipaHost"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr "ipa_host_fqdn (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr "Атрибут LDAP, що містить FQDN вузла."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr "Типове значення: fqdn"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr "ipa_selinux_usermap_object_class (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr "ipa_selinux_usermap_name (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr "Атрибут LDAP, що містить назву карти користувачів SELinux."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr "ipa_selinux_usermap_member_user (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-"Атрибут LDAP, що містить список всіх користувачів і груп, яких стосується це "
-"правило."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr "ipa_selinux_usermap_member_host (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-"Атрибут LDAP, що містить список всіх вузлів і груп вузлів, яких стосується "
-"це правило."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr "ipa_selinux_usermap_see_also (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-"Атрибут LDAP, що містить назву домену правила HBAC, яким можна користуватися "
-"для встановлення відповідності замість memberUser і memberHost."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr "Типове значення: seeAlso"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr "ipa_selinux_usermap_selinux_user (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr "Атрибут LDAP, який містить сам рядок користувача SELinux."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr "Типове значення: ipaSELinuxUser"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr "ipa_selinux_usermap_enabled (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-"Атрибут LDAP, що містить дані щодо того, чи можна користуватися картою "
-"користувачів."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr "Типове значення: ipaEnabledFlag"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr "ipa_selinux_usermap_user_category (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr "Атрибут LDAP, що містить категорію користувачів, зокрема 'all'."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr "Типове значення: userCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr "ipa_selinux_usermap_host_category (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr "Атрибут LDAP, що містить категорію вузлів, зокрема 'all'."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr "Типове значення: hostCategory"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr "ipa_selinux_usermap_uuid (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr "Атрибут LDAP, що містить унікальний ідентифікатор карти користувачів."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr "Типове значення: ipaUniqueID"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr "ipa_host_ssh_public_key (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr "Типове значення: ipaSshPubKey"
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr "СЛУЖБА ПІДДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
@@ -7328,7 +7302,7 @@ msgstr ""
"спосіб його налаштовано: явний чи неявний."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -7340,7 +7314,7 @@ msgstr ""
"якщо це потрібно."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -7360,7 +7334,7 @@ msgstr ""
"даних піддоменів буде знову увімкнено."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7372,7 +7346,7 @@ msgstr ""
"ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -7390,6 +7364,13 @@ msgstr ""
msgid "sssd-ad"
msgstr "sssd-ad"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+#, fuzzy
+#| msgid "Disable Active Directory range retrieval."
+msgid "SSSD Active Directory provider"
+msgstr "Вимкнути отримання діапазону Active Directory."
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -7453,9 +7434,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:62
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access and chpass provider. No "
+#| "configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
"Потреби у встановленні або використанні цих параметрів виникнути не повинно "
@@ -7475,14 +7461,25 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:68
+#, fuzzy
+#| msgid ""
+#| "By default, the AD provider will map UID and GID values from the "
+#| "objectSID parameter in Active Directory. For details on this, see the "
+#| "<quote>ID MAPPING</quote> section below. If you want to disable ID "
+#| "mapping and instead rely on POSIX attributes defined in Active Directory, "
+#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> Users, "
+#| "groups and other entities served by SSSD are always treated as case-"
+#| "insensitive in the AD provider for compatibility with Active Directory's "
+#| "LDAP implementation."
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
msgstr ""
"Типово засіб надання даних AD виконує прив’язку значень UID і GID з "
"параметра objectSID у Active Directory. Докладніше про це можна дізнатися з "
@@ -7494,13 +7491,21 @@ msgstr ""
"даних AD з врахуванням регістру для сумісності з реалізацією Active "
"Directory у LDAP."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr "ad_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -7509,7 +7514,7 @@ msgstr ""
"буде використано назву домену з налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -7518,7 +7523,7 @@ msgstr ""
"малими літерами повної версії назви домену Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -7527,12 +7532,12 @@ msgstr ""
"автоматично визначається засобами SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -7548,12 +7553,12 @@ msgstr ""
"СЛУЖБ»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr "ad_hostname (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7564,7 +7569,7 @@ msgstr ""
"розпізнавання цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -7574,12 +7579,12 @@ msgstr ""
"вузла, для якого випущено таблицю ключів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7596,8 +7601,173 @@ msgstr ""
"SRV DNS, зокрема домен пошуку, використовуються також під час визначення "
"сайтів."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+#, fuzzy
+#| msgid "ldap_access_filter (string)"
+msgid "ad_access_filter (string)"
+msgstr "ldap_access_filter (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: not set"
+msgid "Default: Not set"
+msgstr "Типове значення: not set"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+#, fuzzy
+#| msgid "ad_enable_dns_sites (boolean)"
+msgid "ad_enable_gc (boolean)"
+msgstr "ad_enable_dns_sites (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+#, fuzzy
+#| msgid "ldap_access_order (string)"
+msgid "ad_gpo_access_control (string)"
+msgstr "ldap_access_order (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: ipService"
+msgid "Default: permissive"
+msgstr "Типове значення: ipService"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7614,22 +7784,22 @@ msgstr ""
"якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr "Типове значення: 3600 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -7639,7 +7809,7 @@ msgstr ""
"реєстраційні дані."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7650,7 +7820,7 @@ msgstr ""
"У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7674,7 +7844,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7686,7 +7856,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7698,7 +7868,7 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -7784,13 +7954,34 @@ msgstr ""
"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr "Налаштовування SSSD на отримання правил sudo"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
@@ -7799,7 +7990,7 @@ msgstr ""
"правил sudo з сервера LDAP."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -7825,23 +8016,28 @@ msgstr ""
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
+#, fuzzy
+#| msgid ""
+#| "When the SSSD is configured to use the IPA provider, the sudo provider is "
+#| "automatically enabled. The sudo search base is configured to use the "
+#| "compat tree (ou=sudoers,$DC)."
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
"Якщо SSSD налаштовано на використання надавача даних IPA, автоматично "
"вмикається модуль надавача даних sudo. Базу пошуку sudo налаштовано на "
"використання ієрархії даних compat (ou=sudoers,$DC)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr "Механізм кешування правил SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -7858,7 +8054,7 @@ msgstr ""
"оновленням, інтелектуальним оновленням та оновленням правил."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -7872,7 +8068,7 @@ msgstr ""
"мережу."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -7890,7 +8086,7 @@ msgstr ""
"стабільності правил sudo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -7910,7 +8106,7 @@ msgstr ""
"(які стосуються інших користувачів)."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -7921,37 +8117,37 @@ msgstr ""
"атрибуті <emphasis>sudoHost</emphasis> одне з таких значень:"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr "ключове слово ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr "шаблон заміни"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr "мережеву групу (у форматі «+мережева група»)"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr "назву вузла або повну назву у домені цього комп’ютера"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr "одну з IP-адрес цього комп’ютера"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr "одну з IP-адрес мережі (у форматі «адреса/маска»)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -8182,6 +8378,19 @@ msgstr ""
"Наказує SSSD перейти у режим роботи у мережі негайно. Найкориснішим "
"застосуванням є тестування служби."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+#| "debug messages will be sent to stderr."
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+"Якщо встановлено будь-яке значення змінної середовища "
+"SSSD_KRB5_LOCATOR_DEBUG, діагностичні повідомлення надсилатимуться до stderr."
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -8511,6 +8720,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr "sssd-krb5"
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -8651,114 +8865,104 @@ msgstr "krb5_ccachedir (рядок)"
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
-msgstr ""
-"Каталог для зберігання кешу реєстраційних даних. Тут можна використовувати "
-"всі послідовності-замінники krb5_ccname_template, окрім %d і %P. Якщо "
-"каталогу не існує, його буде створено. Якщо використано %u, %U, %p або %h, "
-"буде створено особистий каталог, власником якого буде користувач. Якщо цих "
-"замінників не буде використано, буде створено відкритий каталог з обмеженням "
-"на вилучення (або липким бітом, докладніші відомості викладено у довіднику "
-"(man) з <citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</"
-"manvolnum> </citerefentry>)."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr "Типове значення: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (рядок)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr "ім'я користувача"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr "ідентифікатор користувача"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr "назва реєстраційного запису"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr "назва області"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr "%h"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr "домашній каталог"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+#, fuzzy
+#| msgid "value of krb5ccache_dir"
+msgid "value of krb5_ccachedir"
msgstr "значення krb5ccache_dir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr "%P"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr "ідентифікатор процесу клієнтської частини SSSD"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr "символ відсотків («%»)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
#, fuzzy
#| msgid ""
#| "Location of the user's credential cache. Two credential cache types are "
@@ -8788,7 +8992,7 @@ msgstr ""
"для безпечного створення назви файла використовується mkstemp(3)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -8797,7 +9001,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -8807,19 +9011,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
#, fuzzy
#| msgid "Default: 0 (No limit)"
msgid "Default: (from libkrb5)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -8830,7 +9034,7 @@ msgstr ""
"розпізнавання буде продовжено у автономному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -8849,12 +9053,12 @@ msgstr ""
"його єдиним записом у файлі таблиці ключів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
@@ -8863,17 +9067,17 @@ msgstr ""
"реєстраційних даних, отриманих від KDC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr "Типове значення: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
@@ -8883,7 +9087,7 @@ msgstr ""
"перевірки."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -8895,12 +9099,12 @@ msgstr ""
"користувач (root), але йому для цього слід буде подолати деякі перешкоди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
@@ -8909,34 +9113,34 @@ msgstr ""
"за допомогою цілого числа, за яким одразу вказано одиницю часу:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr "<emphasis>s</emphasis> — секунди"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr "<emphasis>m</emphasis> — хвилини"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr "<emphasis>h</emphasis> — години"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr "<emphasis>d</emphasis> — дні."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
"Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю "
"<emphasis>s</emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
@@ -8946,17 +9150,17 @@ msgstr ""
"«1h30m»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr "Типове значення: не встановлено, тобто TGT не є оновлюваним"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
@@ -8965,14 +9169,14 @@ msgstr ""
"цілого числа, за яким одразу вказано одиницю часу:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
"Якщо одиниці часу не буде вказано, вважатиметься, що використано одиницю "
"<emphasis>s</emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
@@ -8982,7 +9186,7 @@ msgstr ""
"«1h30m»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
@@ -8990,12 +9194,12 @@ msgstr ""
"визначатиметься у налаштуваннях KDC."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr "krb5_renew_interval (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -9007,29 +9211,14 @@ msgstr ""
"одиниці часу:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
"Якщо значення для цього параметра встановлено не буде або буде встановлено "
"значення 0, автоматичного оновлення не відбуватиметься."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr "krb5_use_fast (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-"Вмикає безпечне тунелювання для гнучкого розпізнавання (flexible "
-"authentication secure tunneling або FAST) для попереднього розпізнавання у "
-"Kerberos. Передбачено такі варіанти:"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
@@ -9038,7 +9227,7 @@ msgstr ""
"якого значення цього параметра взагалі не задається."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
@@ -9047,51 +9236,30 @@ msgstr ""
"передбачено підтримки FAST, продовжити розпізнавання без FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-"<emphasis>demand</emphasis> — використовувати FAST. Якщо на сервері не "
-"передбачено підтримки FAST, спроба розпізнавання зазнає невдачі."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr "Типове значення: не встановлено, тобто FAST не використовується."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
"Зауваження: будь ласка, зауважте, що для використання FAST потрібна таблиця "
"ключів."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-"Зауваження: у SSSD передбачено підтримку FAST лише у разі використання MIT "
-"Kerberos версії 1.8 або новішої. Якщо SSSD буде використано зі старішою "
-"версією MIT Kerberos і цим параметром, буде повідомлено про помилку у "
-"налаштуваннях."
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
"Визначає реєстраційний запис сервера, який слід використовувати для FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
@@ -9100,8 +9268,10 @@ msgstr ""
"канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+#, fuzzy
+#| msgid "Default: false (AD provide: true)"
+msgid "Default: false (AD provider: true)"
msgstr "Типове значення: false (надається AD: true)"
#. type: Content of: <reference><refentry><refsect1><para>
@@ -9120,7 +9290,7 @@ msgstr ""
"про налаштування домену SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -9133,7 +9303,7 @@ msgstr ""
"Kerberos, там не вказано інструменту обробки профілів."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -9823,6 +9993,238 @@ msgstr ""
"системах без визначеного на загальному рівні значення PASS_MAX)."
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+#, fuzzy
+#| msgid "sssd-ipa"
+msgid "sssd-ifp"
+msgstr "sssd-ipa"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of the IPA provider for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
+#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> manual page."
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+"На цій сторінці довідника описано налаштування засобу керування доступом IPA "
+"для <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Щоб дізнатися більше про синтаксис налаштування, "
+"зверніться до розділу «ФОРМАТ ФАЙЛІВ» сторінки довідника <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+"Цими параметрами можна скористатися для налаштовування відповідача PAC."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+"Визначає список значень UID або імен користувачів, відокремлених комами. "
+"Користувачам з цього списку буде дозволено доступ до відповідача PAC. UID за "
+"іменами користувачів визначатимуться під час запуску."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+#, fuzzy
+#| msgid ""
+#| "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+"Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
+"користувач (root))"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "Please note that although the UID 0 is used as the default it will be "
+#| "overwritten with this option. If you still want to allow the root user to "
+#| "access the PAC responder, which would be the typical case, you have to "
+#| "add 0 to the list of allowed UIDs as well."
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+"Будь ласка, зауважте, що хоча типово використовується UID 0, значення UID "
+"буде перевизначено на основі цього параметра. Якщо ви хочете надати "
+"адміністративному користувачеві (root) доступ до відповідача PAC, що може "
+"бути типовим варіантом, вам слід додати до списку UID з правами доступу "
+"запис 0."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+#, fuzzy
+#| msgid "ldap_user_authorized_host (string)"
+msgid "user_attributes (string)"
+msgstr "ldap_user_authorized_host (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+#, fuzzy
+#| msgid "username"
+msgid "name"
+msgstr "користувач"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+#, fuzzy
+#| msgid "login name"
+msgid "user's login name"
+msgstr "ім'я користувача"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "uidNumber"
+msgstr "Типове значення: uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+#, fuzzy
+#| msgid "user name"
+msgid "user ID"
+msgstr "ім’я користувача"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+#, fuzzy
+#| msgid "Default: gidNumber"
+msgid "gidNumber"
+msgstr "Типове значення: gidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+#, fuzzy
+#| msgid "home directory"
+msgid "homeDirectory"
+msgstr "домашній каталог"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "loginShell"
+msgstr "Типове значення: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+#, fuzzy
+#| msgid "user name"
+msgid "user shell"
+msgstr "ім’я користувача"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+#, fuzzy
+#| msgid ""
+#| "All of the common configuration options that apply to SSSD domains also "
+#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+"Всі загальні параметри налаштування, які стосуються доменів SSSD, також "
+"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки "
+"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+#, fuzzy
+#| msgid ""
+#| "Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+"Типове значення: не встановлено, тобто типовий строк дії квитка "
+"визначатиметься у налаштуваннях KDC."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr "sss_ssh_authorizedkeys"
@@ -10065,7 +10467,7 @@ msgstr ""
"цієї можливості для резервних серверів не передбачено."
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr "Налаштування"
@@ -10270,13 +10672,55 @@ msgstr ""
"значеннями. Якщо вам потрібно призначити певні значення вручну, вручну "
"доведеться призначати ВСІ значення."
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr "Алгоритм встановлення відповідності"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -10289,7 +10733,7 @@ msgstr ""
"(RID) об’єкта користувача або групи."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -10301,7 +10745,7 @@ msgstr ""
"Directory."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -10314,7 +10758,7 @@ msgstr ""
"вибирається за таким алгоритмом:"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -10325,7 +10769,7 @@ msgstr ""
"від ділення цього значення на загальну кількість доступних зрізів."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -10348,14 +10792,14 @@ msgstr ""
"про це у розділі «Налаштування»."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
"Мінімальне налаштовування (у розділі <quote>[domain/НАЗВА_ДОМЕНУ]</quote>):"
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -10365,7 +10809,7 @@ msgstr ""
"ldap_schema = ad\n"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -10376,17 +10820,17 @@ msgstr ""
"вистачити для більшості розгорнутих середовищ."
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr "Додаткові налаштування"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr "ldap_idmap_range_min (ціле число)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10396,7 +10840,7 @@ msgstr ""
"Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -10411,17 +10855,17 @@ msgstr ""
"меншим або рівним <quote>ldap_idmap_range_min</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr "Типове значення: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr "ldap_idmap_range_max (ціле число)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
@@ -10431,7 +10875,7 @@ msgstr ""
"Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -10446,17 +10890,17 @@ msgstr ""
"більшим або рівним <quote>ldap_idmap_range_max</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr "Типове значення: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr "ldap_idmap_range_size (ціле число)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
@@ -10466,13 +10910,37 @@ msgstr ""
"розмір діапазону не ділиться націло на мінімальне і максимальне значення, "
"буде створено якомога більше повних зрізів."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (рядок)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10483,22 +10951,22 @@ msgstr ""
"ідентифікаторів без використання алгоритму murmurhash описаного вище."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (рядок)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr "Вказати назву типового домену."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (булеве значення)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -10508,7 +10976,7 @@ msgstr ""
"<quote>idmap_autorid</quote> winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -10517,7 +10985,7 @@ msgstr ""
"нульового зрізу з поступовим зростанням номерів на кожен додатковий домен."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10531,6 +10999,77 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> з метою гарантування "
"послідовного призначення принаймні одного домену до нульового зрізу."
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -10549,106 +11088,150 @@ msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
-"Бітова маска, яка визначає рівні діагностики, дані яких буде показано. "
-"0x0010 — типове і найменше можливе значення. 0xFFF0 — найдокладніший режим. "
-"Визначення цього параметра має пріоритет над визначенням у файлі налаштувань."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr "Рівні діагностики, передбачені у поточній версії:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
+#| "SSSD from starting up or causes it to cease running."
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
"<emphasis>0x0010</emphasis>: критичні помилки з аварійним завершенням "
"роботи. Всі помилки, які не дають SSSD змоги розпочати або продовжувати "
"роботу."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't "
+#| "kill the SSSD, but one that indicates that at least one major feature is "
+#| "not going to work properly."
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
"<emphasis>0x0020</emphasis>: критичні помилки. Помилки, які не призводять до "
"аварійного завершення роботи SSSD, але означають, що одна з основних "
"можливостей не працює належним чином."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
+#| "particular request or operation has failed."
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
"<emphasis>0x0040</emphasis>: серйозні помилки. Повідомлення про такі помилки "
"означають, що не вдалося виконати певний запит або дію."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x0080</emphasis>: Minor failures. These are the errors that "
+#| "would percolate down to cause the operation failure of 2."
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
"<emphasis>0x0080</emphasis>: незначні помилки. Це помилки які можуть "
"призвести до помилок під час виконання дій."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+#, fuzzy
+#| msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr "<emphasis>0x0100</emphasis>: параметри налаштування."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+#, fuzzy
+#| msgid "<emphasis>0x0200</emphasis>: Function data."
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr "<emphasis>0x0200</emphasis>: дані функцій."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+#, fuzzy
+#| msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr "<emphasis>0x0400</emphasis>: повідомлення трасування для функцій дій."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x1000</emphasis>: Trace messages for internal control "
+#| "functions."
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
"<emphasis>0x1000</emphasis>: повідомлення трасування для функцій "
"внутрішнього трасування."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
+#| "may be interesting."
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
"<emphasis>0x2000</emphasis>: вміст внутрішніх змінних функцій, який може "
"бути цікавим."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+#, fuzzy
+#| msgid ""
+#| "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr "<emphasis>0x4000</emphasis>: дані трасування найнижчого рівня."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
+#, fuzzy
+#| msgid ""
+#| "To log required debug levels, simply add their numbers together as shown "
+#| "in following examples:"
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
"Щоб до журналу було записано дані потрібних рівнів діагностики, просто "
"додайте відповідні числа, як це показано у наведених нижче прикладах:"
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
@@ -10658,7 +11241,7 @@ msgstr ""
"серйозних помилок та дані функцій, скористайтеся рівнем діагностики 0x0270."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
@@ -10669,16 +11252,27 @@ msgstr ""
"рівнем 0x1310."
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
+#, fuzzy
+#| msgid ""
+#| "<emphasis>Note</emphasis>: This is new format of debug levels introduced "
+#| "in 1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
msgstr ""
"<emphasis>Зауваження</emphasis>: цей новий формат визначення рівнів "
"діагностики впроваджено у версії 1.7.0. Визначення у форматах попередніх "
"версій (числа від 0 до 10) сумісні сз поточною версією, але вважаються "
"застарілими."
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+#, fuzzy
+#| msgid "<emphasis>h</emphasis> for hours"
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr "<emphasis>h</emphasis> — години"
+
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
msgid ""
@@ -10731,6 +11325,45 @@ msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ"
#. type: Content of: <refsect1><para>
#: include/seealso.xml:4
+#, fuzzy
+#| msgid ""
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+#| "citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+#| "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
+#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
+#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
+#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
+#| "citerefentry>."
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
@@ -10766,6 +11399,8 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
@@ -10808,7 +11443,6 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -10818,32 +11452,33 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "синтаксис: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
+#, fuzzy
+#| msgid ""
+#| "The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
+#| "must be a valid LDAP search filter as specified by http://www.ietf.org/"
+#| "rfc/rfc2254.txt"
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
"Областю може бути одне зі значень: «base», «onelevel» або «subtree». "
"Фільтром має бути коректний запис фільтрування LDAP, відповідно до "
"специфікації http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
@@ -10852,8 +11487,7 @@ msgstr ""
"прикладів «ldap_search_base»."
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
@@ -10945,5 +11579,293 @@ msgstr ""
"Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
"від LDAP)"
+#~ msgid ""
+#~ "Override the login shell for all users. This option can be specified "
+#~ "globally in the [nss] section or per-domain."
+#~ msgstr ""
+#~ "Перевизначити оболонку реєстрації для всіх користувачів. Цей параметр "
+#~ "можна вказати на загальному рівні у розділі [nss] або для кожного з "
+#~ "доменів окремо."
+
+#~ msgid "ldap_user_search_filter (string)"
+#~ msgstr "ldap_user_search_filter (рядок)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict user searches."
+#~ msgstr ""
+#~ "За допомогою цього параметра можна визначити додатковий критерій "
+#~ "фільтрування LDAP, яким буде обмежено пошук користувачів."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_user_search_base."
+#~ msgstr ""
+#~ "Цей параметр вважається <emphasis>застарілим</emphasis>. Варто "
+#~ "використовувати синтаксичні конструкції з ldap_user_search_base."
+
+#~ msgid ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+#~ msgstr ""
+#~ " ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
+#~ " "
+
+#~ msgid ""
+#~ "This filter would restrict user searches to users that have their shell "
+#~ "set to /bin/tcsh."
+#~ msgstr ""
+#~ "За допомогою цього фільтра можна обмежити пошук користувачів, лише тими, "
+#~ "для яких встановлено командну оболонку /bin/tcsh."
+
+#~ msgid "ldap_group_search_filter (string)"
+#~ msgstr "ldap_group_search_filter (рядок)"
+
+#~ msgid ""
+#~ "This option specifies an additional LDAP search filter criteria that "
+#~ "restrict group searches."
+#~ msgstr ""
+#~ "За допомогою цього параметра можна визначити додатковий критерій "
+#~ "фільтрування LDAP, яким буде обмежено пошук груп."
+
+#~ msgid ""
+#~ "This option is <emphasis>deprecated</emphasis> in favor of the syntax "
+#~ "used by ldap_group_search_base."
+#~ msgstr ""
+#~ "Цей параметр вважається <emphasis>застарілим</emphasis>. Варто "
+#~ "використовувати синтаксичні конструкції з ldap_group_search_base."
+
+#~ msgid ""
+#~ "If filter is given in any of search bases and "
+#~ "<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
+#~ "will be ignored."
+#~ msgstr ""
+#~ "Якщо вказано фільтрування за довільною базою пошуку і встановлено "
+#~ "значення False для <emphasis>ipa_hbac_support_srchost</emphasis>, фільтр "
+#~ "буде проігноровано."
+
+#~ msgid "ipa_hbac_support_srchost (boolean)"
+#~ msgstr "ipa_hbac_support_srchost (булеве значення)"
+
+#~ msgid ""
+#~ "If this is set to false, then srchost as given to SSSD by PAM will be "
+#~ "ignored."
+#~ msgstr ""
+#~ "Якщо встановлено значення «false», значення srchost, вказане SSSD на "
+#~ "основі даних PAM, буде проігноровано."
+
+#~ msgid ""
+#~ "Note that if set to <emphasis>False</emphasis>, this option casuses "
+#~ "filters given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
+#~ msgstr ""
+#~ "Зауважте, що якщо встановлено значення <emphasis>False</emphasis>, "
+#~ "фільтри, вказані за допомогою параметра <emphasis>ipa_host_search_base</"
+#~ "emphasis>, буде проігноровано;"
+
+#~ msgid "ipa_netgroup_member_of (string)"
+#~ msgstr "ipa_netgroup_member_of (рядок)"
+
+#~ msgid "The LDAP attribute that lists netgroup's memberships."
+#~ msgstr "Атрибут LDAP зі списком учасників мережевої групи."
+
+#~ msgid "ipa_netgroup_member_user (string)"
+#~ msgstr "ipa_netgroup_member_user (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists system users and groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "Атрибут LDAP зі списком користувачів та груп системи, які є "
+#~ "безпосередніми учасниками мережевої групи."
+
+#~ msgid "Default: memberUser"
+#~ msgstr "Типове значення: memberUser"
+
+#~ msgid "ipa_netgroup_member_host (string)"
+#~ msgstr "ipa_netgroup_member_host (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists hosts and host groups that are direct "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "Атрибут LDAP зі списком вузлів та груп вузлів, які є безпосередніми "
+#~ "учасниками мережевої групи."
+
+#~ msgid "Default: memberHost"
+#~ msgstr "Типове значення: memberHost"
+
+#~ msgid "ipa_netgroup_member_ext_host (string)"
+#~ msgstr "ipa_netgroup_member_ext_host (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+#~ "members of the netgroup."
+#~ msgstr ""
+#~ "Атрибут LDAP зі списком FQDN вузлів та груп вузлів, які є учасниками "
+#~ "мережевої групи."
+
+#~ msgid "Default: externalHost"
+#~ msgstr "Типове значення: externalHost"
+
+#~ msgid "ipa_netgroup_domain (string)"
+#~ msgstr "ipa_netgroup_domain (рядок)"
+
+#~ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+#~ msgstr ""
+#~ "Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи "
+#~ "(netgroup)."
+
+#~ msgid "Default: nisDomainName"
+#~ msgstr "Типове значення: nisDomainName"
+
+#~ msgid "ipa_host_object_class (string)"
+#~ msgstr "ipa_host_object_class (рядок)"
+
+#~ msgid "The object class of a host entry in LDAP."
+#~ msgstr "Клас об’єктів запису вузла у LDAP."
+
+#~ msgid "Default: ipaHost"
+#~ msgstr "Типове значення: ipaHost"
+
+#~ msgid "ipa_host_fqdn (string)"
+#~ msgstr "ipa_host_fqdn (рядок)"
+
+#~ msgid "The LDAP attribute that contains FQDN of the host."
+#~ msgstr "Атрибут LDAP, що містить FQDN вузла."
+
+#~ msgid "Default: fqdn"
+#~ msgstr "Типове значення: fqdn"
+
+#~ msgid "ipa_selinux_usermap_object_class (string)"
+#~ msgstr "ipa_selinux_usermap_object_class (рядок)"
+
+#~ msgid "ipa_selinux_usermap_name (string)"
+#~ msgstr "ipa_selinux_usermap_name (рядок)"
+
+#~ msgid "The LDAP attribute that contains the name of SELinux usermap."
+#~ msgstr "Атрибут LDAP, що містить назву карти користувачів SELinux."
+
+#~ msgid "ipa_selinux_usermap_member_user (string)"
+#~ msgstr "ipa_selinux_usermap_member_user (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all users / groups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "Атрибут LDAP, що містить список всіх користувачів і груп, яких стосується "
+#~ "це правило."
+
+#~ msgid "ipa_selinux_usermap_member_host (string)"
+#~ msgstr "ipa_selinux_usermap_member_host (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+#~ "against."
+#~ msgstr ""
+#~ "Атрибут LDAP, що містить список всіх вузлів і груп вузлів, яких "
+#~ "стосується це правило."
+
+#~ msgid "ipa_selinux_usermap_see_also (string)"
+#~ msgstr "ipa_selinux_usermap_see_also (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+#~ "matching instead of memberUser and memberHost"
+#~ msgstr ""
+#~ "Атрибут LDAP, що містить назву домену правила HBAC, яким можна "
+#~ "користуватися для встановлення відповідності замість memberUser і "
+#~ "memberHost."
+
+#~ msgid "Default: seeAlso"
+#~ msgstr "Типове значення: seeAlso"
+
+#~ msgid "ipa_selinux_usermap_selinux_user (string)"
+#~ msgstr "ipa_selinux_usermap_selinux_user (рядок)"
+
+#~ msgid "The LDAP attribute that contains SELinux user string itself."
+#~ msgstr "Атрибут LDAP, який містить сам рядок користувача SELinux."
+
+#~ msgid "Default: ipaSELinuxUser"
+#~ msgstr "Типове значення: ipaSELinuxUser"
+
+#~ msgid "ipa_selinux_usermap_enabled (string)"
+#~ msgstr "ipa_selinux_usermap_enabled (рядок)"
+
+#~ msgid ""
+#~ "The LDAP attribute that contains whether or not is user map enabled for "
+#~ "usage."
+#~ msgstr ""
+#~ "Атрибут LDAP, що містить дані щодо того, чи можна користуватися картою "
+#~ "користувачів."
+
+#~ msgid "Default: ipaEnabledFlag"
+#~ msgstr "Типове значення: ipaEnabledFlag"
+
+#~ msgid "ipa_selinux_usermap_user_category (string)"
+#~ msgstr "ipa_selinux_usermap_user_category (рядок)"
+
+#~ msgid "The LDAP attribute that contains user category such as 'all'."
+#~ msgstr "Атрибут LDAP, що містить категорію користувачів, зокрема 'all'."
+
+#~ msgid "Default: userCategory"
+#~ msgstr "Типове значення: userCategory"
+
+#~ msgid "ipa_selinux_usermap_host_category (string)"
+#~ msgstr "ipa_selinux_usermap_host_category (рядок)"
+
+#~ msgid "The LDAP attribute that contains host category such as 'all'."
+#~ msgstr "Атрибут LDAP, що містить категорію вузлів, зокрема 'all'."
+
+#~ msgid "Default: hostCategory"
+#~ msgstr "Типове значення: hostCategory"
+
+#~ msgid "ipa_selinux_usermap_uuid (string)"
+#~ msgstr "ipa_selinux_usermap_uuid (рядок)"
+
+#~ msgid "The LDAP attribute that contains unique ID of the user map."
+#~ msgstr ""
+#~ "Атрибут LDAP, що містить унікальний ідентифікатор карти користувачів."
+
+#~ msgid "Default: ipaUniqueID"
+#~ msgstr "Типове значення: ipaUniqueID"
+
+#~ msgid "ipa_host_ssh_public_key (string)"
+#~ msgstr "ipa_host_ssh_public_key (рядок)"
+
+#~ msgid "The LDAP attribute that contains the host's SSH public keys."
+#~ msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла."
+
+#~ msgid "Default: ipaSshPubKey"
+#~ msgstr "Типове значення: ipaSshPubKey"
+
+#~ msgid ""
+#~ "Directory to store credential caches. All the substitution sequences of "
+#~ "krb5_ccname_template can be used here, too, except %d and %P. If the "
+#~ "directory does not exist, it will be created. If %u, %U, %p or %h are "
+#~ "used, a private directory belonging to the user is created. Otherwise, a "
+#~ "public directory with restricted deletion flag (aka sticky bit, as "
+#~ "described in <citerefentry> <refentrytitle>chmod</refentrytitle> "
+#~ "<manvolnum>1</manvolnum> </citerefentry> for details) is created."
+#~ msgstr ""
+#~ "Каталог для зберігання кешу реєстраційних даних. Тут можна "
+#~ "використовувати всі послідовності-замінники krb5_ccname_template, окрім "
+#~ "%d і %P. Якщо каталогу не існує, його буде створено. Якщо використано %u, "
+#~ "%U, %p або %h, буде створено особистий каталог, власником якого буде "
+#~ "користувач. Якщо цих замінників не буде використано, буде створено "
+#~ "відкритий каталог з обмеженням на вилучення (або липким бітом, докладніші "
+#~ "відомості викладено у довіднику (man) з <citerefentry> "
+#~ "<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
+#~ "citerefentry>)."
+
+#~ msgid ""
+#~ "Bit mask that indicates which debug levels will be visible. 0x0010 is the "
+#~ "default value as well as the lowest allowed value, 0xFFF0 is the most "
+#~ "verbose mode. This setting overrides the settings from config file."
+#~ msgstr ""
+#~ "Бітова маска, яка визначає рівні діагностики, дані яких буде показано. "
+#~ "0x0010 — типове і найменше можливе значення. 0xFFF0 — найдокладніший "
+#~ "режим. Визначення цього параметра має пріоритет над визначенням у файлі "
+#~ "налаштувань."
+
#~ msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
#~ msgstr "Типове значення: FILE:%d/krb5cc_%U_XXXXXX"
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index 0d6c98c71..c6a45f9ff 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2013-08-28 22:36+0300\n"
+"POT-Creation-Date: 2014-05-30 16:47+0300\n"
"PO-Revision-Date: 2013-07-24 12:28+0000\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (China) <trans-zh_cn@lists.fedoraproject.org>\n"
@@ -25,7 +25,7 @@ msgstr ""
#: sss_useradd.8.xml:5 sssd-krb5.5.xml:5 sss_groupadd.8.xml:5
#: sss_userdel.8.xml:5 sss_groupdel.8.xml:5 sss_groupshow.8.xml:5
#: sss_usermod.8.xml:5 sss_cache.8.xml:5 sss_debuglevel.8.xml:5
-#: sss_seed.8.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_seed.8.xml:5 sssd-ifp.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
msgstr "SSSD 手册页面"
@@ -58,13 +58,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:44
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:47
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30
#: sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30
#: sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30
-#: sss_seed.8.xml:31 sss_ssh_authorizedkeys.1.xml:30
+#: sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr ""
@@ -77,7 +77,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:51 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:54 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
@@ -128,18 +128,19 @@ msgstr "sssd.conf"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11
msgid "5"
msgstr "5"
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
-#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
-#: sssd-ipa.5.xml:17 sssd-ad.5.xml:17 sssd-krb5.5.xml:17
+#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
msgstr ""
@@ -197,75 +198,162 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "GENERAL OPTIONS"
+msgstr "选项"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:79 sssd.conf.5.xml:511 sssd.conf.5.xml:859
+#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1704 sssd-ldap.5.xml:1766
+#: sssd-ldap.5.xml:2209 sssd-ldap.5.xml:2274 sssd-ldap.5.xml:2292
+#: sssd-ipa.5.xml:356 sssd-ipa.5.xml:391 sssd-ad.5.xml:166 sssd-ad.5.xml:250
+#: sssd-ad.5.xml:339 sssd-ad.5.xml:427 sssd-krb5.5.xml:490
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:84
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:87
+msgid "Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:90 sssd.conf.5.xml:813 sssd.conf.5.xml:1812
+#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:1481 sssd-ldap.5.xml:1500
+#: sssd-ldap.5.xml:1676 sssd-ldap.5.xml:2005 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:503 sssd-krb5.5.xml:257
+#: sssd-krb5.5.xml:291 sssd-krb5.5.xml:462
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:101 sssd-ldap.5.xml:2017
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:99
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:103
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:106
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:111 sssd-ldap.5.xml:1352
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:121
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:62
+#: sssd.conf.5.xml:124
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:71 sssd.conf.5.xml:1833
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:1896
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:73
+#: sssd.conf.5.xml:135
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:138
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:82
+#: sssd.conf.5.xml:144
msgid "services"
msgstr "服务"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:85
+#: sssd.conf.5.xml:147
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:151
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
-"phrase>"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:98 sssd.conf.5.xml:321
+#: sssd.conf.5.xml:161 sssd.conf.5.xml:345
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:101 sssd.conf.5.xml:324
+#: sssd.conf.5.xml:164 sssd.conf.5.xml:348
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:329
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:353
msgid "Default: 3"
msgstr "默认: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:111
+#: sssd.conf.5.xml:174
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:114
+#: sssd.conf.5.xml:177
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -275,19 +363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:126 sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:1625
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:129
+#: sssd.conf.5.xml:192
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:134
+#: sssd.conf.5.xml:197
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -295,12 +383,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:143 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:1676
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:209 sssd.conf.5.xml:1679
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -308,58 +396,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:157 sssd.conf.5.xml:1628
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:1690
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:158 sssd.conf.5.xml:1629
+#: sssd.conf.5.xml:221 sssd.conf.5.xml:1691
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:161 sssd.conf.5.xml:1632
+#: sssd.conf.5.xml:224 sssd.conf.5.xml:1694
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:164 sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:227 sssd.conf.5.xml:1697
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:170 sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:233 sssd.conf.5.xml:1703
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:1644
+#: sssd.conf.5.xml:236 sssd.conf.5.xml:1706
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:154 sssd.conf.5.xml:1625
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:1687
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:246
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:189
+#: sssd.conf.5.xml:252
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:192
+#: sssd.conf.5.xml:255
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -368,7 +456,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:200
+#: sssd.conf.5.xml:263
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -376,52 +464,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:206
+#: sssd.conf.5.xml:269
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:210
+#: sssd.conf.5.xml:273
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217
+#: sssd.conf.5.xml:280
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220
+#: sssd.conf.5.xml:283
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:224
+#: sssd.conf.5.xml:287
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:230
+#: sssd.conf.5.xml:293
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237
+#: sssd.conf.5.xml:300
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240
+#: sssd.conf.5.xml:303
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -431,22 +519,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:313
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:256 sssd-ldap.5.xml:1371 sssd-ldap.5.xml:1383
-#: sssd-ldap.5.xml:1465 sssd-ldap.5.xml:2346 sssd-ldap.5.xml:2373
-#: sssd-krb5.5.xml:408 include/ldap_id_mapping.xml:145
-#: include/ldap_id_mapping.xml:156
+#: sssd.conf.5.xml:319 sssd-ldap.5.xml:662 sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1452 sssd-ldap.5.xml:1534 sssd-krb5.5.xml:401
+#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:64
+#: sssd.conf.5.xml:126
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -457,12 +544,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:330
msgid "SERVICES SECTIONS"
msgstr "服务部分"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:269
+#: sssd.conf.5.xml:332
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -471,82 +558,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:276
+#: sssd.conf.5.xml:339
msgid "General service configuration options"
msgstr "基本服务配置选项"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:278
+#: sssd.conf.5.xml:341
msgid "These options can be used to configure any service."
msgstr "这些选项可被用于配置任何服务。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:282
-msgid "debug_level (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:286
-msgid "debug_timestamps (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:289
-msgid "Add a timestamp to the debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:472 sssd.conf.5.xml:819
-#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1635 sssd-ldap.5.xml:1692
-#: sssd-ldap.5.xml:2134 sssd-ldap.5.xml:2199 sssd-ldap.5.xml:2217
-#: sssd-ipa.5.xml:361 sssd-ipa.5.xml:396 sssd-ad.5.xml:161 sssd-ad.5.xml:186
-#: sssd-ad.5.xml:274 sssd-krb5.5.xml:497
-msgid "Default: true"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:297
-msgid "debug_microseconds (bool)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:300
-msgid "Add microseconds to the timestamp in debug messages"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:773 sssd.conf.5.xml:1750
-#: sssd-ldap.5.xml:640 sssd-ldap.5.xml:1412 sssd-ldap.5.xml:1431
-#: sssd-ldap.5.xml:1607 sssd-ldap.5.xml:1930 sssd-ipa.5.xml:139
-#: sssd-ipa.5.xml:205 sssd-ipa.5.xml:474 sssd-ipa.5.xml:492
-#: sssd-krb5.5.xml:264 sssd-krb5.5.xml:298 sssd-krb5.5.xml:469
-msgid "Default: false"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:308
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:311
-msgid ""
-"Timeout in seconds between heartbeats for this service. This is used to "
-"ensure that the process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316 sssd-ldap.5.xml:1283
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:358
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:337
+#: sssd.conf.5.xml:361
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -556,17 +583,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:346
+#: sssd.conf.5.xml:370
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:351
+#: sssd.conf.5.xml:375
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:354
+#: sssd.conf.5.xml:378
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -574,18 +601,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:361 sssd.conf.5.xml:377 sssd.conf.5.xml:591
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:1014 sssd-ldap.5.xml:1113
+#: sssd.conf.5.xml:385 sssd.conf.5.xml:401 sssd.conf.5.xml:415
+#: sssd.conf.5.xml:631 sssd.conf.5.xml:791 sssd.conf.5.xml:1054
+#: sssd-ldap.5.xml:1182
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:1003
+#: sssd.conf.5.xml:390 sssd.conf.5.xml:1043
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:369 sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:393 sssd.conf.5.xml:1046
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -594,41 +622,54 @@ msgid ""
"by sending a SIGKILL signal."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:406
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:409
+msgid ""
+"If SSSD is in offline mode, and last attempt to go online was less than "
+"number of seconds specified in this option ago, new requests for data will "
+"not result in attempt to go online."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:385
+#: sssd.conf.5.xml:424
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:387
+#: sssd.conf.5.xml:426
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:392
+#: sssd.conf.5.xml:431
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:395
+#: sssd.conf.5.xml:434
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:399
+#: sssd.conf.5.xml:438
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:404
+#: sssd.conf.5.xml:443
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:407
+#: sssd.conf.5.xml:446
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -636,7 +677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:413
+#: sssd.conf.5.xml:452
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -646,7 +687,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:462
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -655,17 +696,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:431
+#: sssd.conf.5.xml:470
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:436
+#: sssd.conf.5.xml:475
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:439
+#: sssd.conf.5.xml:478
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -673,17 +714,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445 sssd.conf.5.xml:797
+#: sssd.conf.5.xml:484 sssd.conf.5.xml:837
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:489
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:453
+#: sssd.conf.5.xml:492
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -692,251 +733,251 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:460
+#: sssd.conf.5.xml:499
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:465
+#: sssd.conf.5.xml:504
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:468
+#: sssd.conf.5.xml:507
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:517
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:481
+#: sssd.conf.5.xml:520
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
+#: sssd.conf.5.xml:525
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:531
#, no-wrap
msgid ""
-"override_homedir = /home/%u\n"
+"fallback_homedir = /home/%u\n"
" "
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:490 include/override_homedir.xml:44
+#: sssd.conf.5.xml:529 include/override_homedir.xml:44
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:535
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:502
+#: sssd.conf.5.xml:541
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:505
+#: sssd.conf.5.xml:544
msgid ""
-"Override the login shell for all users. This option can be specified "
-"globally in the [nss] section or per-domain."
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:550
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:516
+#: sssd.conf.5.xml:556
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:519
+#: sssd.conf.5.xml:559
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:522
+#: sssd.conf.5.xml:562
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:566
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:571
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:536
+#: sssd.conf.5.xml:576
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:539
+#: sssd.conf.5.xml:579
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:583
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:548
+#: sssd.conf.5.xml:588
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:591
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:596
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:559
+#: sssd.conf.5.xml:599
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563
+#: sssd.conf.5.xml:603
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:608
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:611
msgid ""
"The default shell to use if the provider does not return one during lookup. "
-"This option supersedes any other shell options if it takes effect and can be "
-"set either in the [nss] section or per-domain."
+"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:577
+#: sssd.conf.5.xml:617
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:584 sssd.conf.5.xml:744
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:784
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:587 sssd.conf.5.xml:747
+#: sssd.conf.5.xml:627 sssd.conf.5.xml:787
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:636
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#: sssd.conf.5.xml:639
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:603 sssd-ldap.5.xml:654
+#: sssd.conf.5.xml:643 sssd-ldap.5.xml:702
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:650
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:652
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:657
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:660
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625 sssd.conf.5.xml:638
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:678
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:671
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:674
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:644
+#: sssd.conf.5.xml:684
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:647
+#: sssd.conf.5.xml:687
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:652
+#: sssd.conf.5.xml:692
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -944,59 +985,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:658 sssd.conf.5.xml:711
+#: sssd.conf.5.xml:698 sssd.conf.5.xml:751
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:664
+#: sssd.conf.5.xml:704
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:667
+#: sssd.conf.5.xml:707
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:672
+#: sssd.conf.5.xml:712
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:675
+#: sssd.conf.5.xml:715
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:678
+#: sssd.conf.5.xml:718
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:682
+#: sssd.conf.5.xml:722
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685
+#: sssd.conf.5.xml:725
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:689 sssd.8.xml:63
+#: sssd.conf.5.xml:729 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:694
+#: sssd.conf.5.xml:734
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:697
+#: sssd.conf.5.xml:737
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1004,7 +1045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:743
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1013,17 +1054,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:717
+#: sssd.conf.5.xml:757
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:720 sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:760 sssd.conf.5.xml:1217
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:723
+#: sssd.conf.5.xml:763
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1031,63 +1072,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:1167
+#: sssd.conf.5.xml:769 sssd.conf.5.xml:1220
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:734
+#: sssd.conf.5.xml:774
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:739 sssd.8.xml:79
+#: sssd.conf.5.xml:779 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:799
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:761
+#: sssd.conf.5.xml:801
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:765
+#: sssd.conf.5.xml:805
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:768
+#: sssd.conf.5.xml:808
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:821
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:823
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:827
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:830
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1095,51 +1136,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:846
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:808
+#: sssd.conf.5.xml:848
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:812
+#: sssd.conf.5.xml:852
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:855
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:824
+#: sssd.conf.5.xml:864
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:827
+#: sssd.conf.5.xml:867
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:831
+#: sssd.conf.5.xml:871
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:879
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:841
+#: sssd.conf.5.xml:881
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1151,7 +1192,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:890
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1162,24 +1203,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:858
+#: sssd.conf.5.xml:898
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:904
msgid "These options can be used to configure the PAC responder."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:868
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:911
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1187,12 +1228,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:917
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:921
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1201,24 +1242,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:935
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:942
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:945
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910
+#: sssd.conf.5.xml:950
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1227,47 +1268,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:957
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:961
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:967
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:970
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:934
+#: sssd.conf.5.xml:974
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:937
+#: sssd.conf.5.xml:977
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1141 sssd.conf.5.xml:1250
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:980 sssd.conf.5.xml:1194 sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1320
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:943
+#: sssd.conf.5.xml:983
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1279,14 +1320,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:996
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:1001
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1295,39 +1336,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:969
+#: sssd.conf.5.xml:1009
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:1017
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:984
+#: sssd.conf.5.xml:1024
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:985
+#: sssd.conf.5.xml:1025
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1028
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:989
+#: sssd.conf.5.xml:1029
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:1020
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1336,149 +1377,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:997 sssd-ldap.5.xml:1666
+#: sssd.conf.5.xml:1037 sssd-ldap.5.xml:1735
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1060
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1023
+#: sssd.conf.5.xml:1063
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1067
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1080
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1086
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1089
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040 sssd.conf.5.xml:1053 sssd.conf.5.xml:1066
-#: sssd.conf.5.xml:1079 sssd.conf.5.xml:1092 sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1093 sssd.conf.5.xml:1106 sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1132 sssd.conf.5.xml:1145 sssd.conf.5.xml:1159
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1099
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1102
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:1112
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1062
+#: sssd.conf.5.xml:1115
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1072
+#: sssd.conf.5.xml:1125
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1075
+#: sssd.conf.5.xml:1128
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1085
+#: sssd.conf.5.xml:1138
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1088
+#: sssd.conf.5.xml:1141
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1151
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1154
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1165
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1168
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing expired "
"records. Currently only refreshing expired netgroups is supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:1173
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1124 sssd-ipa.5.xml:221
+#: sssd.conf.5.xml:1177 sssd-ipa.5.xml:221
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1130
+#: sssd.conf.5.xml:1183
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1186
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1137
+#: sssd.conf.5.xml:1190
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1199
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1149
+#: sssd.conf.5.xml:1202
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1487,17 +1539,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1209
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1214
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1225
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1506,33 +1558,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1179
+#: sssd.conf.5.xml:1232
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1238
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1188
+#: sssd.conf.5.xml:1241
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1245
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1248
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1252
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1540,8 +1592,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1207 sssd.conf.5.xml:1293 sssd.conf.5.xml:1344
-#: sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1260 sssd.conf.5.xml:1346 sssd.conf.5.xml:1397
+#: sssd.conf.5.xml:1450
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1550,8 +1602,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216 sssd.conf.5.xml:1302 sssd.conf.5.xml:1353
-#: sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1269 sssd.conf.5.xml:1355 sssd.conf.5.xml:1406
+#: sssd.conf.5.xml:1459
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1559,19 +1611,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1280
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1283
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1288
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1580,7 +1632,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1243
+#: sssd.conf.5.xml:1296
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1588,17 +1640,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1308
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1311
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1314
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1606,19 +1658,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1272
+#: sssd.conf.5.xml:1325
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1275
+#: sssd.conf.5.xml:1328
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279 sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1332 sssd.conf.5.xml:1390
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1626,7 +1678,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1339
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1634,30 +1686,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1310
+#: sssd.conf.5.xml:1363
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1313
+#: sssd.conf.5.xml:1366
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1369
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1322
+#: sssd.conf.5.xml:1375
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1325
+#: sssd.conf.5.xml:1378
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1665,19 +1717,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1331
+#: sssd.conf.5.xml:1384
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1387
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1361
+#: sssd.conf.5.xml:1414
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1686,24 +1738,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1421
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1426
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1429
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1381
+#: sssd.conf.5.xml:1434
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1711,7 +1763,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1442
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1719,35 +1771,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1467
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1471
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1421
+#: sssd.conf.5.xml:1474
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1428
+#: sssd.conf.5.xml:1481
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1431
+#: sssd.conf.5.xml:1484
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1435
+#: sssd.conf.5.xml:1488
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1755,23 +1807,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1496
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1500
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1504
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1445 sssd.conf.5.xml:1499 sssd.conf.5.xml:1531
-#: sssd.conf.5.xml:1556
+#: sssd.conf.5.xml:1507 sssd.conf.5.xml:1561 sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1618
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1451
+#: sssd.conf.5.xml:1513
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1454
+#: sssd.conf.5.xml:1516
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -1779,7 +1845,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1460
+#: sssd.conf.5.xml:1522
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1787,31 +1853,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1530
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1471
+#: sssd.conf.5.xml:1533
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1539
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1542
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1486
+#: sssd.conf.5.xml:1548
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1819,23 +1885,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:1557
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1568
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1571
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1575
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1843,7 +1909,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1582
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1851,24 +1917,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1590
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1600
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1603
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1545
+#: sssd.conf.5.xml:1607
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1876,12 +1942,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1553
+#: sssd.conf.5.xml:1615
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1566
+#: sssd.conf.5.xml:1628
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -1891,7 +1957,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1575
+#: sssd.conf.5.xml:1637
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -1900,29 +1966,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1580
+#: sssd.conf.5.xml:1642
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1645
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1648
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1589
+#: sssd.conf.5.xml:1651
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1594
+#: sssd.conf.5.xml:1656
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -1930,7 +1996,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1662
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -1938,66 +2004,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1607
+#: sssd.conf.5.xml:1669
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1716
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1722
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1663
+#: sssd.conf.5.xml:1725
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1729
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1732
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1735
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1738
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1679
+#: sssd.conf.5.xml:1741
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1744
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1750
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1753
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2005,62 +2071,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1697 sssd-ldap.5.xml:1097 sssd-ldap.5.xml:1139
-#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:246
+#: sssd.conf.5.xml:1759 sssd-ldap.5.xml:1166 sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1223 sssd-krb5.5.xml:239
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1703
+#: sssd.conf.5.xml:1765
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1706
+#: sssd.conf.5.xml:1768
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1710
+#: sssd.conf.5.xml:1772
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1716
+#: sssd.conf.5.xml:1778
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1781
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1725
+#: sssd.conf.5.xml:1787
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1728
+#: sssd.conf.5.xml:1790
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1733 sssd-ad.5.xml:244
+#: sssd.conf.5.xml:1795 sssd-ad.5.xml:397
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1739
+#: sssd.conf.5.xml:1801
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1742
+#: sssd.conf.5.xml:1804
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2069,54 +2135,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1818
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1766
+#: sssd.conf.5.xml:1829
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1767
+#: sssd.conf.5.xml:1830
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1759
+#: sssd.conf.5.xml:1821
msgid ""
-"Use this homedir as default value for all subdomains within this domain. See "
-"<emphasis>override_homedir</emphasis> for info about possible values. In "
-"addition to those, the expansion below can only be used with "
-"<emphasis>subdomain_homedir</emphasis>. <placeholder type=\"variablelist\" "
-"id=\"0\"/>"
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1835
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1776
+#: sssd.conf.5.xml:1839
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1781
+#: sssd.conf.5.xml:1844
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1784
+#: sssd.conf.5.xml:1847
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:897
+#: sssd.conf.5.xml:937
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2124,29 +2190,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1860
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1863
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1803
+#: sssd.conf.5.xml:1866
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1874
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1814
+#: sssd.conf.5.xml:1877
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2154,19 +2220,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1793
+#: sssd.conf.5.xml:1856
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1889
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1828
+#: sssd.conf.5.xml:1891
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2174,73 +2240,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1898
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1901
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1905
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1847
+#: sssd.conf.5.xml:1910
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1850
+#: sssd.conf.5.xml:1913
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:1918
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1923
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1926
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1867 sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:1930 sssd.conf.5.xml:1942
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1935
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1875
+#: sssd.conf.5.xml:1938
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1884
+#: sssd.conf.5.xml:1947
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:1950
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2248,17 +2314,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1895
+#: sssd.conf.5.xml:1958
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1900
+#: sssd.conf.5.xml:1963
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1903
+#: sssd.conf.5.xml:1966
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2267,17 +2333,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1913
+#: sssd.conf.5.xml:1976
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1918
+#: sssd.conf.5.xml:1981
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1921
+#: sssd.conf.5.xml:1984
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2285,17 +2351,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1991
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1933
+#: sssd.conf.5.xml:1996
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1999
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2303,18 +2369,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1942
+#: sssd.conf.5.xml:2005
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1952 sssd-ldap.5.xml:2399 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:759 sssd-ad.5.xml:293 sssd-krb5.5.xml:526
+#: sssd.conf.5.xml:2015 sssd-ldap.5.xml:2443 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:552 sssd-ad.5.xml:446 sssd-krb5.5.xml:519
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2021
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2344,7 +2410,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1954
+#: sssd.conf.5.xml:2017
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2357,6 +2423,11 @@ msgstr ""
msgid "sssd-ldap"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
msgid ""
@@ -2385,8 +2456,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:83
-#: sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2477,15 +2548,15 @@ msgstr ""
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:122
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
msgid ""
"The filter must be a valid LDAP search filter as specified by http://www."
"ietf.org/rfc/rfc2254.txt"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:645 sssd-ad.5.xml:212
msgid "Examples:"
msgstr ""
@@ -2685,7 +2756,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:792
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:840
msgid "Default: gidNumber"
msgstr ""
@@ -2745,7 +2816,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:818 sssd-ldap.5.xml:1004
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:866 sssd-ldap.5.xml:1073
msgid "Default: nsUniqueId"
msgstr ""
@@ -2762,7 +2833,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:362 sssd-ldap.5.xml:880
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -2772,14 +2843,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:842 sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:372 sssd-ldap.5.xml:890 sssd-ldap.5.xml:1082
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:846 sssd-ldap.5.xml:1020
+#: sssd-ldap.5.xml:376 sssd-ldap.5.xml:894 sssd-ldap.5.xml:1089
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3048,21 +3119,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:620
-msgid "ldap_user_ssh_public_key (string)"
+msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:623
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:628
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:638
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:648
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:651
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:655
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:658
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:668
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:671
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:630
+#: sssd-ldap.5.xml:678
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:633
+#: sssd-ldap.5.xml:681
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3071,24 +3196,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:646
+#: sssd-ldap.5.xml:694
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:697
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:660
+#: sssd-ldap.5.xml:708
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:663
+#: sssd-ldap.5.xml:711
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3096,54 +3221,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:717
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:673
+#: sssd-ldap.5.xml:721
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:727
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:730
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:686 sssd-ldap.5.xml:779 sssd-ldap.5.xml:954
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1963 sssd-ldap.5.xml:2289
-#: sssd-ipa.5.xml:614
+#: sssd-ldap.5.xml:734 sssd-ldap.5.xml:827 sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:2038 sssd-ldap.5.xml:2377
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:692
+#: sssd-ldap.5.xml:740
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:695
+#: sssd-ldap.5.xml:743
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:699 sssd-ipa.5.xml:518
+#: sssd-ldap.5.xml:747
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:705
+#: sssd-ldap.5.xml:753
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:756
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3151,14 +3275,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:763
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:768
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3166,17 +3290,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:727
+#: sssd-ldap.5.xml:775
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:781
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:784
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3184,14 +3308,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:742
+#: sssd-ldap.5.xml:790
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:747
+#: sssd-ldap.5.xml:795
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -3199,94 +3323,119 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:754
+#: sssd-ldap.5.xml:802
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:760
+#: sssd-ldap.5.xml:808
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:763
+#: sssd-ldap.5.xml:811
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:766
+#: sssd-ldap.5.xml:814
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:820
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:775
+#: sssd-ldap.5.xml:823
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:833
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:836
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:798
+#: sssd-ldap.5.xml:846
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:849
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:805
+#: sssd-ldap.5.xml:853
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:859
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:814
+#: sssd-ldap.5.xml:862
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:872
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:827
+#: sssd-ldap.5.xml:875
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:839
+#: sssd-ldap.5.xml:887
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:852
+#: sssd-ldap.5.xml:900
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:903
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:908
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:914
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:921
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:924
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3294,17 +3443,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:931
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:937
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:940
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3312,14 +3461,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:946
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:882 sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:951 sssd-ldap.5.xml:978
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3327,7 +3476,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:957 sssd-ldap.5.xml:984
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3336,18 +3485,18 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:894 sssd-ldap.5.xml:921 sssd-ldap.5.xml:1212
-#: sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1734 include/ldap_id_mapping.xml:184
+#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:990 sssd-ldap.5.xml:1281
+#: sssd-ldap.5.xml:1302 sssd-ldap.5.xml:1808 include/ldap_id_mapping.xml:242
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:969
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:972
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3355,172 +3504,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:927
+#: sssd-ldap.5.xml:996
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:930
+#: sssd-ldap.5.xml:999
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:933
+#: sssd-ldap.5.xml:1002
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:1006
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:943
+#: sssd-ldap.5.xml:1012
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:1015
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:950
+#: sssd-ldap.5.xml:1019
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:1029
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1032
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:1036
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:1040
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:1046
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:1049
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984 sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1056
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1062
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1065
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1069
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1079
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1026
+#: sssd-ldap.5.xml:1095
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1098
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1101
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1038
+#: sssd-ldap.5.xml:1107
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1041
+#: sssd-ldap.5.xml:1110
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1120
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1054
+#: sssd-ldap.5.xml:1123
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1058
+#: sssd-ldap.5.xml:1127
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1064
+#: sssd-ldap.5.xml:1133
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1067
+#: sssd-ldap.5.xml:1136
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1071
+#: sssd-ldap.5.xml:1140
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1077
+#: sssd-ldap.5.xml:1146
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1151
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1085
+#: sssd-ldap.5.xml:1154
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3528,7 +3677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1160
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3536,12 +3685,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1172
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1175
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3549,12 +3698,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1188
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1122
+#: sssd-ldap.5.xml:1191
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3565,12 +3714,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1145
+#: sssd-ldap.5.xml:1214
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1217
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3578,12 +3727,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1229
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1232
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3592,34 +3741,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1171 sssd-ldap.5.xml:2120
+#: sssd-ldap.5.xml:1240 sssd-ldap.5.xml:2195
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1246
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1249
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1185
+#: sssd-ldap.5.xml:1254
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1260
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1263
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3627,14 +3776,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200
+#: sssd-ldap.5.xml:1269
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1206
+#: sssd-ldap.5.xml:1275
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3642,17 +3791,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1287
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1290
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1293
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -3662,12 +3811,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1308
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1242
+#: sssd-ldap.5.xml:1311
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -3675,17 +3824,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1248
+#: sssd-ldap.5.xml:1317
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1255
+#: sssd-ldap.5.xml:1324
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1258
+#: sssd-ldap.5.xml:1327
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3693,13 +3842,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1264
+#: sssd-ldap.5.xml:1333
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1268
+#: sssd-ldap.5.xml:1337
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3708,7 +3857,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1345
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3716,26 +3865,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1358
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1292
+#: sssd-ldap.5.xml:1361
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1298
+#: sssd-ldap.5.xml:1367
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1371
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3743,7 +3892,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1378
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3751,7 +3900,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1384
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3759,41 +3908,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1321
+#: sssd-ldap.5.xml:1390
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1394
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1400
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1403
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1357 sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1408 sssd-ldap.5.xml:1426 sssd-ldap.5.xml:1467
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1415
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1349
+#: sssd-ldap.5.xml:1418
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3802,32 +3951,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1433
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1436
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1380
+#: sssd-ldap.5.xml:1449
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1389
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3835,24 +3984,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1474
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1477
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1487
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1490
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -3860,17 +4009,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1496
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1506
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1509
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -3881,29 +4030,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1521
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1527
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1530
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1540
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1543
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -3912,17 +4061,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1551
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1557
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1560
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -3930,49 +4079,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1497
+#: sssd-ldap.5.xml:1566
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1572
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1575
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511
+#: sssd-ldap.5.xml:1580
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1586
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1589
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1523
+#: sssd-ldap.5.xml:1592
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1598
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1601
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3980,27 +4129,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1613
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1616
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1551 sssd-ad.5.xml:230
+#: sssd-ldap.5.xml:1620 sssd-ad.5.xml:383
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1557 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1626 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1560
+#: sssd-ldap.5.xml:1629
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4012,7 +4161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1572 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1641 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4020,7 +4169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1577 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1646 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4028,39 +4177,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1586 sssd-ipa.5.xml:371 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1655 sssd-ipa.5.xml:366 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1589
+#: sssd-ldap.5.xml:1658
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1661
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598 sssd-ipa.5.xml:386 sssd-krb5.5.xml:460
+#: sssd-ldap.5.xml:1667 sssd-ipa.5.xml:381 sssd-krb5.5.xml:453
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1670
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1613 sssd-krb5.5.xml:475
+#: sssd-ldap.5.xml:1682 sssd-krb5.5.xml:468
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1616 sssd-krb5.5.xml:478
+#: sssd-ldap.5.xml:1685 sssd-krb5.5.xml:471
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4070,7 +4219,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1627 sssd-krb5.5.xml:489
+#: sssd-ldap.5.xml:1696 sssd-krb5.5.xml:482
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4078,26 +4227,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1710
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1713
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1649
+#: sssd-ldap.5.xml:1718
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1723
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4105,32 +4254,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1729
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1738
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1746
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1675
+#: sssd-ldap.5.xml:1749
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1679
+#: sssd-ldap.5.xml:1753
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1758
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4139,88 +4295,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1772
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1775
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1705
+#: sssd-ldap.5.xml:1779
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1711
+#: sssd-ldap.5.xml:1785
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1714
+#: sssd-ldap.5.xml:1788
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1719
+#: sssd-ldap.5.xml:1793
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1799
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1728
+#: sssd-ldap.5.xml:1802
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1740
+#: sssd-ldap.5.xml:1814
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1743
+#: sssd-ldap.5.xml:1817
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
-"permit to change this default behavior."
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1830
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1833
#, no-wrap
msgid ""
"access_provider = ldap\n"
-"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+"ldap_access_filter = (employeeType=admin)\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1762
+#: sssd-ldap.5.xml:1837
msgid ""
-"This example means that access to this host is restricted to members of the "
-"\"allowedusers\" group in ldap."
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767
+#: sssd-ldap.5.xml:1842
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4229,24 +4386,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1850 sssd-ldap.5.xml:1907
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1856
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1859
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1863
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4254,19 +4411,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1795
+#: sssd-ldap.5.xml:1870
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1873
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1803
+#: sssd-ldap.5.xml:1878
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4275,7 +4432,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1810
+#: sssd-ldap.5.xml:1885
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4283,7 +4440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1816
+#: sssd-ldap.5.xml:1891
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4292,7 +4449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1900
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4300,108 +4457,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1838
+#: sssd-ldap.5.xml:1913
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1916
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1845
+#: sssd-ldap.5.xml:1920
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1848
+#: sssd-ldap.5.xml:1923
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1852
+#: sssd-ldap.5.xml:1927
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1932
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1861
+#: sssd-ldap.5.xml:1936
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1939
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1871
+#: sssd-ldap.5.xml:1946
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1949
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1879
+#: sssd-ldap.5.xml:1954
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1883
+#: sssd-ldap.5.xml:1958
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1963
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1893
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1898
+#: sssd-ldap.5.xml:1973
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1981
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1909
+#: sssd-ldap.5.xml:1984
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1913
+#: sssd-ldap.5.xml:1988
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -4412,7 +4569,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1924
+#: sssd-ldap.5.xml:1999
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -4430,213 +4587,213 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1940
+#: sssd-ldap.5.xml:2015
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1944
+#: sssd-ldap.5.xml:2019
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:2022
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1950
+#: sssd-ldap.5.xml:2025
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:2031
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1959
+#: sssd-ldap.5.xml:2034
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:2044
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1972
+#: sssd-ldap.5.xml:2047
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1976
+#: sssd-ldap.5.xml:2051
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:2057
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2060
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1990
+#: sssd-ldap.5.xml:2065
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1996
+#: sssd-ldap.5.xml:2071
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1999
+#: sssd-ldap.5.xml:2074
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2003
+#: sssd-ldap.5.xml:2078
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2009
+#: sssd-ldap.5.xml:2084
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2087
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2091
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2022
+#: sssd-ldap.5.xml:2097
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2025
+#: sssd-ldap.5.xml:2100
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2029
+#: sssd-ldap.5.xml:2104
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2110
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2038
+#: sssd-ldap.5.xml:2113
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2042
+#: sssd-ldap.5.xml:2117
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2048
+#: sssd-ldap.5.xml:2123
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2051
+#: sssd-ldap.5.xml:2126
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2055
+#: sssd-ldap.5.xml:2130
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2136
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2064
+#: sssd-ldap.5.xml:2139
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2069
+#: sssd-ldap.5.xml:2144
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2150
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2153
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2157
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2163
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2166
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2171
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2176
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2107
+#: sssd-ldap.5.xml:2182
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2110
+#: sssd-ldap.5.xml:2185
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -4644,106 +4801,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2191
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2126
+#: sssd-ldap.5.xml:2201
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2129
+#: sssd-ldap.5.xml:2204
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2215
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2218
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2148
+#: sssd-ldap.5.xml:2223
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2153 sssd-ldap.5.xml:2176 sssd-ldap.5.xml:2194
-#: sssd-ldap.5.xml:2212
+#: sssd-ldap.5.xml:2228 sssd-ldap.5.xml:2251 sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2287
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158 sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2233 sssd-ldap.5.xml:2256
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2239
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2167
+#: sssd-ldap.5.xml:2242
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2172
+#: sssd-ldap.5.xml:2247
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187
+#: sssd-ldap.5.xml:2262
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2265
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2280
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2283
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1942
-msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2299
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4752,168 +4904,132 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2234
+#: sssd-ldap.5.xml:2309
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2311
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2317
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2320
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2323
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: auto.master"
+msgstr "默认: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2330
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245 sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2333 sssd-ldap.5.xml:2359
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2248 sssd-ldap.5.xml:2275
+#: sssd-ldap.5.xml:2336 sssd-ldap.5.xml:2363
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2255
+#: sssd-ldap.5.xml:2343
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2346
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2261
+#: sssd-ldap.5.xml:2349
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2268
+#: sssd-ldap.5.xml:2356
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2370
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285 sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2373 sssd-ldap.5.xml:2387
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2296
+#: sssd-ldap.5.xml:2384
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2303
+#: sssd-ldap.5.xml:2391
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2240
+#: sssd-ldap.5.xml:2315
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
-"\"variablelist\" id=\"4\"/>"
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2313
+#: sssd-ldap.5.xml:2401
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2408
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2413
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2418
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
-msgid "ldap_user_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict user searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_user_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:2352
-#, no-wrap
-msgid ""
-" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
-msgid ""
-"This filter would restrict user searches to users that have their shell set "
-"to /bin/tcsh."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2362
-msgid "ldap_group_search_filter (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2365
-msgid ""
-"This option specifies an additional LDAP search filter criteria that "
-"restrict group searches."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2369
-msgid ""
-"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
-"by ldap_group_search_base."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2379
+#: sssd-ldap.5.xml:2423
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2428
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2403
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4921,7 +5037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2445
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4929,7 +5045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2407
+#: sssd-ldap.5.xml:2451
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4942,20 +5058,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2406 sssd-simple.5.xml:139 sssd-ipa.5.xml:767
-#: sssd-ad.5.xml:301 sssd-sudo.5.xml:56 sssd-sudo.5.xml:78 sssd-krb5.5.xml:535
-#: include/ldap_id_mapping.xml:63
+#: sssd-ldap.5.xml:2450 sssd-simple.5.xml:139 sssd-ipa.5.xml:560
+#: sssd-ad.5.xml:454 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:528
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2419 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:316
-#: sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2463 sssd_krb5_locator_plugin.8.xml:61 sssd-ad.5.xml:469
+#: sssd.8.xml:191 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2421
+#: sssd-ldap.5.xml:2465
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4988,11 +5104,11 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
-"arg>"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:45
+#: pam_sss.8.xml:48
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5000,34 +5116,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:55
+#: pam_sss.8.xml:58
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:58
+#: pam_sss.8.xml:61
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:63
+#: pam_sss.8.xml:66
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:66
+#: pam_sss.8.xml:69
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:73
+#: pam_sss.8.xml:76
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:76
+#: pam_sss.8.xml:79
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5035,56 +5151,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:84
+#: pam_sss.8.xml:87
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:87
+#: pam_sss.8.xml:90
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:94
+#: pam_sss.8.xml:97
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:97
+#: pam_sss.8.xml:100
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:99
+#: pam_sss.8.xml:102
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:111
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:114
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:110
+#: pam_sss.8.xml:123
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:111
+#: pam_sss.8.xml:124
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:130
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:118
+#: pam_sss.8.xml:131
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5092,7 +5220,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:123
+#: pam_sss.8.xml:136
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5104,7 +5232,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:133
+#: pam_sss.8.xml:146
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -5116,6 +5244,11 @@ msgstr ""
msgid "sssd_krb5_locator_plugin"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:22
msgid ""
@@ -5128,7 +5261,7 @@ msgid ""
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
-"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
@@ -5258,7 +5391,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:84
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -5303,6 +5436,11 @@ msgstr ""
msgid "sssd-ipa"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
msgid ""
@@ -5390,7 +5528,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:167
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:320
msgid "dyndns_update (boolean)"
msgstr ""
@@ -5405,7 +5543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:181
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:334
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -5420,12 +5558,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:192
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:345
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:195
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:348
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -5446,12 +5584,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:206
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:359
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:209
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:362
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"whose IP address should be used for dynamic DNS updates."
@@ -5476,7 +5614,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:188 sssd-ad.5.xml:147
+#: sssd-ipa.5.xml:188 sssd-ad.5.xml:152
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -5493,12 +5631,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211 sssd-ad.5.xml:220
+#: sssd-ipa.5.xml:211 sssd-ad.5.xml:373
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:223
+#: sssd-ipa.5.xml:214 sssd-ad.5.xml:376
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -5506,12 +5644,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:227 sssd-ad.5.xml:236
+#: sssd-ipa.5.xml:227 sssd-ad.5.xml:389
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:230 sssd-ad.5.xml:239
+#: sssd-ipa.5.xml:230 sssd-ad.5.xml:392
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -5530,19 +5668,19 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247 sssd-ad.5.xml:250
+#: sssd-ipa.5.xml:247 sssd-ad.5.xml:403
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250 sssd-ad.5.xml:253
+#: sssd-ipa.5.xml:250 sssd-ad.5.xml:406
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:254 sssd-ad.5.xml:257
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:410
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
@@ -5572,101 +5710,92 @@ msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:304 sssd-ipa.5.xml:323 sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:280 sssd-ipa.5.xml:299 sssd-ipa.5.xml:318 sssd-ipa.5.xml:337
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:285
-msgid ""
-"If filter is given in any of search bases and "
-"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter "
-"will be ignored."
-msgstr ""
-
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:290 sssd-ipa.5.xml:309 include/ldap_search_bases.xml:23
-#: include/ldap_search_bases_experimental.xml:23
+#: sssd-ipa.5.xml:285 sssd-ipa.5.xml:304 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:297
+#: sssd-ipa.5.xml:292
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:300
+#: sssd-ipa.5.xml:295
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:316
+#: sssd-ipa.5.xml:311
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:314
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:328
+#: sssd-ipa.5.xml:323
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:335
+#: sssd-ipa.5.xml:330
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:338
+#: sssd-ipa.5.xml:333
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:342
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:354 sssd-krb5.5.xml:252
+#: sssd-ipa.5.xml:349 sssd-krb5.5.xml:245
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:357
+#: sssd-ipa.5.xml:352
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364 sssd-ad.5.xml:277
+#: sssd-ipa.5.xml:359 sssd-ad.5.xml:430
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:374
+#: sssd-ipa.5.xml:369
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:378
+#: sssd-ipa.5.xml:373
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:389
+#: sssd-ipa.5.xml:384
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5674,12 +5803,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:402
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:397 sssd-krb5.5.xml:407
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:400 sssd-krb5.5.xml:410
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:405
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:414 sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:419
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: try"
+msgstr "默认: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422 sssd-krb5.5.xml:435
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:431
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:434
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5687,17 +5863,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:412 sssd-ipa.5.xml:428
+#: sssd-ipa.5.xml:441 sssd-ipa.5.xml:457
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:447
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:450
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -5705,12 +5881,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:463
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:437
+#: sssd-ipa.5.xml:466
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5719,342 +5895,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:475
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:480
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:456
+#: sssd-ipa.5.xml:485
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:462
-msgid "ipa_hbac_support_srchost (boolean)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:465
-msgid ""
-"If this is set to false, then srchost as given to SSSD by PAM will be "
-"ignored."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:469
-msgid ""
-"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
-"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480
+#: sssd-ipa.5.xml:491
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:494
msgid "This option should only be set by the IPA installer."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487
+#: sssd-ipa.5.xml:498
msgid ""
"The option denotes that the SSSD is running on IPA server and should perform "
"lookups of users and groups from trusted domains differently."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:498
+#: sssd-ipa.5.xml:509
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:501
+#: sssd-ipa.5.xml:512
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:504
+#: sssd-ipa.5.xml:515
msgid "Default: The location named \"default\""
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:511
-msgid "ipa_netgroup_member_of (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:514
-msgid "The LDAP attribute that lists netgroup's memberships."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:523
-msgid "ipa_netgroup_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:526
-msgid ""
-"The LDAP attribute that lists system users and groups that are direct "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531 sssd-ipa.5.xml:626
-msgid "Default: memberUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:536
-msgid "ipa_netgroup_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:539
-msgid ""
-"The LDAP attribute that lists hosts and host groups that are direct members "
-"of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:543 sssd-ipa.5.xml:638
-msgid "Default: memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:548
-msgid "ipa_netgroup_member_ext_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:551
-msgid ""
-"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-"members of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:555
-msgid "Default: externalHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:560
-msgid "ipa_netgroup_domain (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:563
-msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:567
-msgid "Default: nisDomainName"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:573
-msgid "ipa_host_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:576 sssd-ipa.5.xml:599
-msgid "The object class of a host entry in LDAP."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:579 sssd-ipa.5.xml:602
-msgid "Default: ipaHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:584
-msgid "ipa_host_fqdn (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:587
-msgid "The LDAP attribute that contains FQDN of the host."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:590
-msgid "Default: fqdn"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:596
-msgid "ipa_selinux_usermap_object_class (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:607
-msgid "ipa_selinux_usermap_name (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:610
-msgid "The LDAP attribute that contains the name of SELinux usermap."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:619
-msgid "ipa_selinux_usermap_member_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:622
-msgid ""
-"The LDAP attribute that contains all users / groups this rule match against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:631
-msgid "ipa_selinux_usermap_member_host (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
-msgid ""
-"The LDAP attribute that contains all hosts / hostgroups this rule match "
-"against."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:643
-msgid "ipa_selinux_usermap_see_also (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:646
-msgid ""
-"The LDAP attribute that contains DN of HBAC rule which can be used for "
-"matching instead of memberUser and memberHost"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:651
-msgid "Default: seeAlso"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:656
-msgid "ipa_selinux_usermap_selinux_user (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:659
-msgid "The LDAP attribute that contains SELinux user string itself."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:663
-msgid "Default: ipaSELinuxUser"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:668
-msgid "ipa_selinux_usermap_enabled (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:671
-msgid ""
-"The LDAP attribute that contains whether or not is user map enabled for "
-"usage."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:675
-msgid "Default: ipaEnabledFlag"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:680
-msgid "ipa_selinux_usermap_user_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:683
-msgid "The LDAP attribute that contains user category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:687
-msgid "Default: userCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:692
-msgid "ipa_selinux_usermap_host_category (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:695
-msgid "The LDAP attribute that contains host category such as 'all'."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:699
-msgid "Default: hostCategory"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:704
-msgid "ipa_selinux_usermap_uuid (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:707
-msgid "The LDAP attribute that contains unique ID of the user map."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:711
-msgid "Default: ipaUniqueID"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:716
-msgid "ipa_host_ssh_public_key (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:719
-msgid "The LDAP attribute that contains the host's SSH public keys."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:723
-msgid "Default: ipaSshPubKey"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:732
+#: sssd-ipa.5.xml:525
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:734
+#: sssd-ipa.5.xml:527
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:738
+#: sssd-ipa.5.xml:531
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -6062,7 +5966,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:744
+#: sssd-ipa.5.xml:537
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -6074,7 +5978,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:761
+#: sssd-ipa.5.xml:554
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6082,7 +5986,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:768
+#: sssd-ipa.5.xml:561
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -6096,6 +6000,11 @@ msgstr ""
msgid "sssd-ad"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
msgid ""
@@ -6143,7 +6052,7 @@ msgstr ""
#: sssd-ad.5.xml:62
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access and chpass provider. No "
+"AD provider can also be used as an access, chpass and sudo provider. No "
"configuration of the access provider is required on the client side."
msgstr ""
@@ -6162,44 +6071,53 @@ msgid ""
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
-"<placeholder type=\"programlisting\" id=\"0\"/> Users, groups and other "
-"entities served by SSSD are always treated as case-insensitive in the AD "
-"provider for compatibility with Active Directory's LDAP implementation."
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:81
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:91
+#: sssd-ad.5.xml:96
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:94
+#: sssd-ad.5.xml:99
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:104
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:109
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:111
+#: sssd-ad.5.xml:116
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:114
+#: sssd-ad.5.xml:119
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
@@ -6209,12 +6127,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:127
+#: sssd-ad.5.xml:132
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:130
+#: sssd-ad.5.xml:135
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6222,19 +6140,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:136
+#: sssd-ad.5.xml:141
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:144
+#: sssd-ad.5.xml:149
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:151
+#: sssd-ad.5.xml:156
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -6244,8 +6162,167 @@ msgid ""
"discovery as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:172
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:175
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:170
+#: sssd-ad.5.xml:199
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:204
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:215
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:225
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: Not set"
+msgstr "默认: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:231
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:234
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:256
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:259
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:268
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:274
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:287
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:291
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:297
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:303
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:314
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: permissive"
+msgstr "默认: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:323
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -6256,29 +6333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:200
+#: sssd-ad.5.xml:353
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:214
+#: sssd-ad.5.xml:367
msgid "Default: Use the IP address of the AD LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:265 sssd-krb5.5.xml:503
+#: sssd-ad.5.xml:418 sssd-krb5.5.xml:496
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:268 sssd-krb5.5.xml:506
+#: sssd-ad.5.xml:421 sssd-krb5.5.xml:499
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:295
+#: sssd-ad.5.xml:448
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -6286,7 +6363,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:302
+#: sssd-ad.5.xml:455
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -6301,7 +6378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:322
+#: sssd-ad.5.xml:475
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -6310,7 +6387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:318
+#: sssd-ad.5.xml:471
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -6318,7 +6395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:481
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>."
@@ -6383,20 +6460,41 @@ msgid ""
"citerefentry>."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:72
+#: sssd-sudo.5.xml:82
msgid "Configuring SSSD to fetch sudo rules"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:74
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
msgid ""
"The following example shows how to configure SSSD to download sudo rules "
"from an LDAP server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-sudo.5.xml:79
+#: sssd-sudo.5.xml:99
#, no-wrap
msgid ""
"[sssd]\n"
@@ -6412,20 +6510,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:92
+#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use the IPA provider, the sudo provider is "
-"automatically enabled. The sudo search base is configured to use the compat "
-"tree (ou=sudoers,$DC)."
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:99
+#: sssd-sudo.5.xml:119
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:101
+#: sssd-sudo.5.xml:121
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -6436,7 +6534,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:109
+#: sssd-sudo.5.xml:129
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -6445,7 +6543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:115
+#: sssd-sudo.5.xml:135
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -6456,7 +6554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:123
+#: sssd-sudo.5.xml:143
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -6467,7 +6565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:132
+#: sssd-sudo.5.xml:152
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -6475,37 +6573,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:139
+#: sssd-sudo.5.xml:159
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:144
+#: sssd-sudo.5.xml:164
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:149
+#: sssd-sudo.5.xml:169
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:154
+#: sssd-sudo.5.xml:174
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:179
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:184
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:170
+#: sssd-sudo.5.xml:190
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -6692,6 +6790,13 @@ msgid ""
"purposes."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:193
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
msgid "sss_obfuscate"
@@ -6949,6 +7054,11 @@ msgstr ""
msgid "sssd-krb5"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:23
msgid ""
@@ -7047,106 +7157,102 @@ msgstr ""
#: sssd-krb5.5.xml:138
msgid ""
"Directory to store credential caches. All the substitution sequences of "
-"krb5_ccname_template can be used here, too, except %d and %P. If the "
-"directory does not exist, it will be created. If %u, %U, %p or %h are used, "
-"a private directory belonging to the user is created. Otherwise, a public "
-"directory with restricted deletion flag (aka sticky bit, as described in "
-"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
-"</citerefentry> for details) is created."
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:152
+#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:158
+#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:172 include/override_homedir.xml:11
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:173 include/override_homedir.xml:12
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:176 include/override_homedir.xml:15
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:177
+#: sssd-krb5.5.xml:170
msgid "login UID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:180
+#: sssd-krb5.5.xml:173
msgid "%p"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:181
+#: sssd-krb5.5.xml:174
msgid "principal name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:185
+#: sssd-krb5.5.xml:178
msgid "%r"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:186
+#: sssd-krb5.5.xml:179
msgid "realm name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:189
+#: sssd-krb5.5.xml:182
msgid "%h"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:190
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:194 include/override_homedir.xml:19
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:195
-msgid "value of krb5ccache_dir"
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:200
+#: sssd-krb5.5.xml:193
msgid "%P"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:201
+#: sssd-krb5.5.xml:194
msgid "the process ID of the SSSD client"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:206 include/override_homedir.xml:34
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:34
msgid "%%"
msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:207 include/override_homedir.xml:35
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:35
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:161
+#: sssd-krb5.5.xml:154
msgid ""
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
@@ -7159,7 +7265,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:215
+#: sssd-krb5.5.xml:208
msgid ""
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
@@ -7168,7 +7274,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:223
+#: sssd-krb5.5.xml:216
msgid ""
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide krb5.conf configuration file in the [libdefaults] "
@@ -7178,17 +7284,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:232
+#: sssd-krb5.5.xml:225
msgid "Default: (from libkrb5)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:238
+#: sssd-krb5.5.xml:231
msgid "krb5_auth_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:241
+#: sssd-krb5.5.xml:234
msgid ""
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
@@ -7196,7 +7302,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:255
+#: sssd-krb5.5.xml:248
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
@@ -7207,36 +7313,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:270
+#: sssd-krb5.5.xml:263
msgid "krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:273
+#: sssd-krb5.5.xml:266
msgid ""
"The location of the keytab to use when validating credentials obtained from "
"KDCs."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:277
+#: sssd-krb5.5.xml:270
msgid "Default: /etc/krb5.keytab"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:283
+#: sssd-krb5.5.xml:276
msgid "krb5_store_password_if_offline (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:286
+#: sssd-krb5.5.xml:279
msgid ""
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:291
+#: sssd-krb5.5.xml:284
msgid ""
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
@@ -7244,91 +7350,91 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:304
+#: sssd-krb5.5.xml:297
msgid "krb5_renewable_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:307
+#: sssd-krb5.5.xml:300
msgid ""
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:312 sssd-krb5.5.xml:346 sssd-krb5.5.xml:383
+#: sssd-krb5.5.xml:305 sssd-krb5.5.xml:339 sssd-krb5.5.xml:376
msgid "<emphasis>s</emphasis> for seconds"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:315 sssd-krb5.5.xml:349 sssd-krb5.5.xml:386
+#: sssd-krb5.5.xml:308 sssd-krb5.5.xml:342 sssd-krb5.5.xml:379
msgid "<emphasis>m</emphasis> for minutes"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:318 sssd-krb5.5.xml:352 sssd-krb5.5.xml:389
+#: sssd-krb5.5.xml:311 sssd-krb5.5.xml:345 sssd-krb5.5.xml:382
msgid "<emphasis>h</emphasis> for hours"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:355 sssd-krb5.5.xml:392
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>d</emphasis> for days."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:324 sssd-krb5.5.xml:395
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:388
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:328 sssd-krb5.5.xml:399
+#: sssd-krb5.5.xml:321 sssd-krb5.5.xml:392
msgid ""
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:333
+#: sssd-krb5.5.xml:326
msgid "Default: not set, i.e. the TGT is not renewable"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:339
+#: sssd-krb5.5.xml:332
msgid "krb5_lifetime (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:342
+#: sssd-krb5.5.xml:335
msgid ""
"Request ticket with a lifetime, given as an integer immediately followed by "
"a time unit:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:358
+#: sssd-krb5.5.xml:351
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:362
+#: sssd-krb5.5.xml:355
msgid ""
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:367
+#: sssd-krb5.5.xml:360
msgid ""
"Default: not set, i.e. the default ticket lifetime configured on the KDC."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:374
+#: sssd-krb5.5.xml:367
msgid "krb5_renew_interval (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:377
+#: sssd-krb5.5.xml:370
msgid ""
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
@@ -7336,81 +7442,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:404
+#: sssd-krb5.5.xml:397
msgid "If this option is not set or is 0 the automatic renewal is disabled."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:414
-msgid "krb5_use_fast (string)"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:417
-msgid ""
-"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
-"authentication. The following options are supported:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:422
+#: sssd-krb5.5.xml:415
msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:426
+#: sssd-krb5.5.xml:419
msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:431
-msgid ""
-"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
-"server does not require fast."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:436
+#: sssd-krb5.5.xml:429
msgid "Default: not set, i.e. FAST is not used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:439
+#: sssd-krb5.5.xml:432
msgid "NOTE: a keytab is required to use FAST."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:442
-msgid ""
-"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
-"SSSD is used with an older version of MIT Kerberos, using this option is a "
-"configuration error."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-krb5.5.xml:451
+#: sssd-krb5.5.xml:444
msgid "krb5_fast_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:454
+#: sssd-krb5.5.xml:447
msgid "Specifies the server principal to use for FAST."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:463
+#: sssd-krb5.5.xml:456
msgid ""
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-krb5.5.xml:512
-msgid "Default: false (AD provide: true)"
+#: sssd-krb5.5.xml:505
+msgid "Default: false (AD provider: true)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -7424,7 +7503,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-krb5.5.xml:528
+#: sssd-krb5.5.xml:521
msgid ""
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
@@ -7433,7 +7512,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-krb5.5.xml:536
+#: sssd-krb5.5.xml:529
#, no-wrap
msgid ""
" [domain/FOO]\n"
@@ -7997,6 +8076,162 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr "这些选项可被用于配置任何服务。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
msgstr ""
@@ -8178,7 +8413,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
msgstr ""
@@ -8328,13 +8563,55 @@ msgid ""
"values, ALL values must be manually-assigned."
msgstr ""
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:17
+#: include/ldap_id_mapping.xml:59
msgid "Mapping Algorithm"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:19
+#: include/ldap_id_mapping.xml:61
msgid ""
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
@@ -8343,7 +8620,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:25
+#: include/ldap_id_mapping.xml:67
msgid ""
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
@@ -8351,7 +8628,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:31
+#: include/ldap_id_mapping.xml:73
msgid ""
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
@@ -8360,7 +8637,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:38
+#: include/ldap_id_mapping.xml:80
msgid ""
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
@@ -8368,7 +8645,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:44
+#: include/ldap_id_mapping.xml:86
msgid ""
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
@@ -8381,13 +8658,13 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:59
+#: include/ldap_id_mapping.xml:101
msgid ""
"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><programlisting>
-#: include/ldap_id_mapping.xml:64
+#: include/ldap_id_mapping.xml:106
#, no-wrap
msgid ""
"ldap_id_mapping = True\n"
@@ -8395,7 +8672,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:69
+#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 10,001 and going up to "
@@ -8403,24 +8680,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
-#: include/ldap_id_mapping.xml:75
+#: include/ldap_id_mapping.xml:117
msgid "Advanced Configuration"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:78
+#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:81
+#: include/ldap_id_mapping.xml:123
msgid ""
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:85
+#: include/ldap_id_mapping.xml:127
msgid ""
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
@@ -8430,24 +8707,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:95 include/ldap_id_mapping.xml:131
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
msgid "Default: 200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:100
+#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:103
+#: include/ldap_id_mapping.xml:145
msgid ""
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:107
+#: include/ldap_id_mapping.xml:149
msgid ""
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
@@ -8457,30 +8734,54 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:117
+#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:122
+#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:125
+#: include/ldap_id_mapping.xml:167
msgid ""
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:184
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:136
+#: include/ldap_id_mapping.xml:194
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:139
+#: include/ldap_id_mapping.xml:197
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -8488,36 +8789,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:150
+#: include/ldap_id_mapping.xml:208
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:153
+#: include/ldap_id_mapping.xml:211
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:161
+#: include/ldap_id_mapping.xml:219
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:164
+#: include/ldap_id_mapping.xml:222
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:169
+#: include/ldap_id_mapping.xml:227
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:174
+#: include/ldap_id_mapping.xml:232
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -8526,6 +8827,77 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:251
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:253
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:259
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:262
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:263
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:264
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:265
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:266
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:267
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:269
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:273
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names are excepted to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-?</option>,<option>--help</option>"
@@ -8544,104 +8916,118 @@ msgstr ""
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
msgid ""
-"Bit mask that indicates which debug levels will be visible. 0x0010 is the "
-"default value as well as the lowest allowed value, 0xFFF0 is the most "
-"verbose mode. This setting overrides the settings from config file."
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:8
+#: include/debug_levels.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:11
+#: include/debug_levels.xml:13
msgid ""
-"<emphasis>0x0010</emphasis>: Fatal failures. Anything that would prevent "
-"SSSD from starting up or causes it to cease running."
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:15
+#: include/debug_levels.xml:19
msgid ""
-"<emphasis>0x0020</emphasis>: Critical failures. An error that doesn't kill "
-"the SSSD, but one that indicates that at least one major feature is not "
-"going to work properly."
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:20
+#: include/debug_levels.xml:26
msgid ""
-"<emphasis>0x0040</emphasis>: Serious failures. An error announcing that a "
-"particular request or operation has failed."
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:24
+#: include/debug_levels.xml:31
msgid ""
-"<emphasis>0x0080</emphasis>: Minor failures. These are the errors that would "
-"percolate down to cause the operation failure of 2."
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:28
-msgid "<emphasis>0x0100</emphasis>: Configuration settings."
+#: include/debug_levels.xml:36
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:31
-msgid "<emphasis>0x0200</emphasis>: Function data."
+#: include/debug_levels.xml:40
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:34
-msgid "<emphasis>0x0400</emphasis>: Trace messages for operation functions."
+#: include/debug_levels.xml:44
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:37
+#: include/debug_levels.xml:48
msgid ""
-"<emphasis>0x1000</emphasis>: Trace messages for internal control functions."
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:40
+#: include/debug_levels.xml:53
msgid ""
-"<emphasis>0x2000</emphasis>: Contents of function-internal variables that "
-"may be interesting."
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:43
-msgid "<emphasis>0x4000</emphasis>: Extremely low-level tracing information."
+#: include/debug_levels.xml:58
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:46
+#: include/debug_levels.xml:62
msgid ""
-"To log required debug levels, simply add their numbers together as shown in "
-"following examples:"
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:49
+#: include/debug_levels.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:53
+#: include/debug_levels.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:57
+#: include/debug_levels.xml:75
msgid ""
-"<emphasis>Note</emphasis>: This is new format of debug levels introduced in "
-"1.7.0. Older format (numbers from 0-10) is compatible but deprecated."
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:79
+msgid "<emphasis>Default</emphasis>: 0"
msgstr ""
#. type: Content of: outside any tag (error?)
@@ -8717,13 +9103,14 @@ msgid ""
"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>."
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
-#: include/ldap_search_bases_experimental.xml:3
msgid ""
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
@@ -8731,37 +9118,32 @@ msgstr ""
#. type: Content of: <listitem><para><programlisting>
#: include/ldap_search_bases.xml:9
-#: include/ldap_search_bases_experimental.xml:9
#, no-wrap
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:7
-#: include/ldap_search_bases_experimental.xml:7
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:13
-#: include/ldap_search_bases_experimental.xml:13
msgid ""
-"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The filter "
-"must be a valid LDAP search filter as specified by http://www.ietf.org/rfc/"
-"rfc2254.txt"
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:19
-#: include/ldap_search_bases_experimental.xml:19
+#: include/ldap_search_bases.xml:23
msgid ""
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/ldap_search_bases.xml:27
-#: include/ldap_search_bases_experimental.xml:27
+#: include/ldap_search_bases.xml:31
msgid ""
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "